Kiuwan Code Security allows you to perform a security-focused analysis of your source code.
...
The Top-10 Worst Files graphic displays a ranking of worst (low-rated) files of your application, showing the security rating and the number of vulnerabilities found.
Timeline
The Timeline section displays the historical evolution of your Security Rating and Total Effort (effort needed to reach a 5-star rating), as well as the total LOC size of your application.
...
- When a baseline analysis was performed (only applicable if you are using Life Cycle). If you are not using Life Cycle, that date will be the current date of the analysis.
- Model used for the current analysis
- Portfolios this analysis belongs to
- Graphical distribution of LOCs in different languages
Files
Files provides a detailed view of your application files according to security issues.
...
It provides some summary data as well as detailed info on every file of your application.
[Image: sec-7.png]
Security Rating is the overall rating as described in Code Security Summary.
The Distribution By Rating displays a histogram where you can see the distribution of files according to their security rating (1-5 stars).
Distribution By Number of Vulnerabilities displays a histogram where you can see the distribution of application files according to their number of vulnerabilities. Counts are grouped into 5 ranges calculated from the maximum and minimum number of vulnerabilities in the application.
Files table lists application files with the following information:
...
You can order results (in ascending or descending order) by clicking on each column name.
Vulnerabilities
Vulnerabilities provides a detailed view of all the application's vulnerabilities, allowing you to:
...
- Compare analysis results with any other analysis
- Mute vulnerabilities
- Export vulnerabilities to CSV format
Please visit the Kiuwan Code Analysis site for info on the above functionalities.
The General section displays grouped information on vulnerabilities:
- By Vulnerability Type: number of vulnerabilities for every type (please see XXXXXXX)
- By Language: number of vulnerabilities found for every programming language
- By Priority: number of vulnerabilities found by priority (according to security rules priorities as defined in the model used for the analysis)
...
Figures are also displayed for:
- Violated Rules: number of security rules (checks) with associated vulnerabilities
- Vulnerabilities: total number of vulnerabilities found in app source code
- Very High: number of Very High vulnerabilities
- Security Rating: overall application security rating
...
Along with these metrics, the Vulnerabilities page displays a full listing of defects that you can browse, filter and order by the following criteria:
- Files: Number of files that are not conformant to the selected security rule
- Defects: Number of vulnerabilities found for the selected security rule
- Rule: Name (desc) of the security rule
- Priority: priority of the rule (from Low to Very High)
- CWE: weakness reference(s) mapped to the selected security rule
- Characteristic: main software analytics categorization of the selected rule
- Vulnerability Type: security topic addressed by the selected security rule
- Programming Language
- Effort: effort to invest to fix all the vulnerabilities of the selected security rule
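To make the General section figures and the per-rule listing concrete, here is an added example (not Kiuwan's code, and not its CSV export format) that derives them from a flat list of defects; the field names, priority labels, effort unit and default ordering are assumptions, and the sample defects are constructed:

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Defect:
    """One detected vulnerability (field names and units are assumptions)."""
    file: str
    rule: str
    priority: str      # rule priority label: Low, Normal, High or Very High
    cwe: str           # CWE weakness reference mapped to the rule
    language: str
    effort_min: int    # estimated minutes to fix this defect

# Constructed sample data, not a Kiuwan export.
DEFECTS = [
    Defect("src/login.py",  "SQL injection", "Very High", "CWE-89",  "Python",     60),
    Defect("src/login.py",  "SQL injection", "Very High", "CWE-89",  "Python",     60),
    Defect("src/report.py", "SQL injection", "Very High", "CWE-89",  "Python",     60),
    Defect("src/report.py", "XSS",           "High",      "CWE-79",  "Python",     30),
    Defect("web/app.js",    "XSS",           "High",      "CWE-79",  "JavaScript", 30),
    Defect("src/util.py",   "Weak hash",     "Normal",    "CWE-328", "Python",     15),
]

def general_figures(defects):
    """Violated Rules, Vulnerabilities and Very High figures of the General section."""
    return {
        "violated_rules": len({d.rule for d in defects}),
        "vulnerabilities": len(defects),
        "very_high": sum(1 for d in defects if d.priority == "Very High"),
    }

def count_by(defects, attr):
    """Group counts By Vulnerability Type ('rule'), By Language or By Priority."""
    counts = defaultdict(int)
    for d in defects:
        counts[getattr(d, attr)] += 1
    return dict(counts)

def rule_listing(defects):
    """One row per violated rule: Files, Defects, Priority, CWE, Languages, Effort."""
    rows = {}
    for d in defects:
        row = rows.setdefault(d.rule, {"rule": d.rule, "files": set(), "defects": 0,
                                       "priority": d.priority, "cwe": d.cwe,
                                       "languages": set(), "effort_min": 0})
        row["files"].add(d.file)           # Files = distinct non-conformant files
        row["defects"] += 1                # Defects = vulnerabilities for the rule
        row["languages"].add(d.language)
        row["effort_min"] += d.effort_min  # Effort = sum over the rule's defects
    listing = [{**r, "files": len(r["files"]), "languages": sorted(r["languages"])}
               for r in rows.values()]
    # Default order assumed: most defects first, as when sorting by the Defects column.
    return sorted(listing, key=lambda r: r["defects"], reverse=True)
```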
...