After you set up Sken into the CI/CD and into the Yaml file, check the scan findings in your Sken portal.
In this article, you can learn how to:
See the list of app scan findings and basic detail of each finding
See scan findings' details
See risk rating indicators on the list of scan findings
See the entire scan history of each finding
Options to modify the risk rating settings
By default, all the app's scans are listed for the default organization in your account, as below.
The apps are organized for whether these are actively being scanned or not. All the apps that are undergoing scans are listed in the Active group.
For each app, you can see basic details such as the app name and its language, the total number of findings so far, and the risk rating as given by Sken for this app.
See App Scan Findings
Click on the app name, or the number of findings to see the scan findings of this app.
You can see the following details for this app's scan.
Basic Scan Details
The number of findings that are active and closed. In the example screenshot, you can Findings: 46 Active, 16 Closed
An option to mark all findings as reviewed (please see See and update status for scan findings for more details)
The type of each scan listed in a grid view with the corresponding number of scan findings in each scan type
An option to select multiple scan findings
An option to search scan findings by their status
See Scan Findings
The list of findings shows the risk ratings and related details including:
Type of finding: Examples, Include mismatch, Cross site Scripting
The path of the file and line number of the corresponding finding
Scan type: Example, PHP Code Sniffer - SAST
The calculated risk rating that Sken assigns for this finding
Each scan finding has a link to show its details, immediately next to its ID. For example, next to #1279466. Click on this URL icon to see the details of this finding.
See Scan Finding Details
The scan finding details show as below.
See the risk rating at the top, with the description, the exact location of the issue, and the line number. In Instances, you can also see the number of times when the issue is found in scans.
Modify Risk Rating: If required, you can change the risk rating for any scan finding. For example in the above case, the risk rating is high. Click on the Modify link to see the options to change the risk rating, as below.
In Modify Risk Rating, change the risk rating, as required. You can also click on Modify Finding Risk Factors to change the risk rating settings for this app. (Please see Add new app for more details on app settings.)
Note: If you change the risk rating settings, it impacts all the future scan findings from now when you save the new settings.
See Instance Details
Click on each instance to expand it and see more details about the finding.
Change Finding Status
You can see an option to change the finding status, as below. (Please see See and update status for scan findings for more details.)
The right sidebar shows a few basic details of the scanned app:
Scan: The type and name of the scan for this finding
Application: The app name for this scan finding
Discovered: The day when the scan was run to show this finding
ID: The unique ID for this finding.
See the App Scan Detailed Report
In the list of findings, you can see a detailed report view of each finding. Click on the app name or on the Risk Rating, to open the detailed report, The report opens as below.
In Risk Rating, you see the rating based on the risk factor settings for this app. (Please see Add new app and check out app settings for details on how you can set up risk factor settings.)
In Findings, you can click on View All to see all the findings as explained earlier in this article.
In Scans, see the total number of scan categories that this app has gone through. For example in the above screenshot, you see:
NodeJSScan shows 27 findings, and the risk rating in yellow color means that the security issues should be noticed but are not critical enough.