The Code Compliance Report
Overview
The Code Compliance Report, accessible via your Mend Platform’s main navigation, allows you to ensure your code meets top industry standards. Generate detailed reports that evaluate your code against multiple compliance standards and highlight areas that need attention.
Use cases for each Compliance Standard
When creating a Code Compliance Report, select the compliance standard you want your report to follow. For more information on each compliance type and its details, please refer to our SAST Compliance Standards documentation.
Getting it done
There are two ways to generate a Code Compliance Report in the Mend Platform user interface:
Via the Reports page.
Via a chosen Application/Project.
Note: To investigate code findings, address false positives, and communicate results, please visit our Triage Your Code Security Findings document.
Generate the Code Compliance Report via the Reports Page
Click the Reports button located in the top bar of the Mend Platform user interface.
Click the Create button at the top-right edge of the Reports page.
Select Code Compliance from the drop-down list of the Create Report wizard.
Scope - Generate the report at the organization level alone or further refine it by selecting an Application and a specific Project.
Configuration - Specify the Report Name and Format (HTML/PDF).
Compliance Standard - Choose the standard that best fits your current Application/Project.
Level - Choose the report type that fits your purpose.
Technical: For detailed, code-level findings.
Short: Ideal for quick reviews and sharing key findings.
Summary: Best for high-level overviews and executive updates.
Note: Level is only configurable for Project scope; otherwise, it defaults to Summary.
Description - Add a short description explaining the report's purpose. This description will show up in the report on the first intro page.
Click Create.
Generate the Code Compliance Report via a chosen Application/Project
Navigate to the desired Application or Project and click on it.
Click Code on the left pane.
Click the Create Report button at the top-right edge of the Code Findings page.
Select Code Compliance from the drop-down list of the Create Report wizard.
Scope - The scope option is locked based on the Application or Project selection you made when accessing the Code Findings page.
Configuration - Specify the Report Name and Format (HTML/PDF).
Compliance Standard - Choose the standard that best fits your current Application/Project.
Level - Choose the report type that fits your purpose.
Technical: For detailed, code-level fixes.
Short: Ideal for quick reviews and sharing key findings.
Summary: Best for high-level overviews and executive updates.
Description - Add a short description explaining the report's purpose. This description will show up in the report on the first intro page.
Click Create.
Understanding the Code Compliance Report
The Code Compliance Report provides an analysis of your project’s compliance with a chosen security standard, such as OWASP Top 10 2021, NIST 800-53 Rev. 5, or PCI DSS. It highlights vulnerabilities found during a static source code security analysis, providing detailed information on the severity and classification of each issue.
Example of what page two of the OWASP Top 10 2021 report looks like.
This page of the report details the following:
Report Information: This section includes details like the organization, application, project name, creation time, company, author, and contact email, providing a comprehensive overview of the report’s origin and context.
Brief Description: Contains a short statement summarizing the report’s purpose.
Scan Statistics: Shows detailed statistics from the scan, including the date, duration, number of files tested versus total, lines of code tested, findings categorized by severity, and lines per finding.
OWASP TOP 10 2021 Summary: Lists specific vulnerabilities identified during the scan under the “Cryptographic Failures” category from the OWASP Top 10 2021 list, including the type of vulnerabilities and the number of findings for each.