Viewing issues in Invicti Enterprise

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

The Issues section in Invicti Enterprise provides various lists of the vulnerabilities detected in scans run by your entire team. The four submenus give an overview of issues that have been assigned to you, issues that are awaiting a retest, issues that have been addressed, and all detected issues.

This document provides information about viewing your detected vulnerabilities on each of these issues pages and the actions you can take, such as assigning issues or changing their status, sending issues to an integrated issue tracking system, or viewing more detailed information about a particular vulnerability.

TIP: You can also view issues using the Issues API Endpoints, enabling you to easily integrate with other applications or internal systems.

Issues pages

The table below explains what information is displayed on each of the Issues pages. Click Issues in the left-side menu, then select one of the sub-menu items listed below to view that particular issues page.

Page/Sub-menu

Description

To Do

This page displays a list of all the issues that have been assigned to you. You can take action by fixing them, assigning them to someone else, or changing their status.

Waiting for Retest

This page displays a list of all the issues with the status Fixed (Unconfirmed). They are waiting to be tested automatically by Invicti Enterprise.

Addressed Issues

This page displays a list of all the issues that have been addressed and whose status has been updated to one of the following:

  • Accepted Risk: This indicates that the issue has been considered and marked as a low-risk vulnerability.
  • False Positive: This indicates that the issue has been considered and marked as not a genuine vulnerability.
  • Fixed (Confirmed): This indicates that the issue has been fixed, and Invicti Enterprise has confirmed that the vulnerability is no longer present; therefore, it requires no further action.

All Issues

This page displays a list of all issues detected in scans run by your entire team. The entire team can view all issues in a scan report, even if they only have the Manage Issues (Restricted) permission.

Column view

The information on each of the issues pages is displayed in a table format. Each of the table columns is explained below to help you understand the information you are viewing.

Column name

Description

Title

This is the name of the vulnerability, for example Insecure Frame (External).

Click on an issue title to view more detailed information about the vulnerability.

Some issues are grouped, meaning they are reported only once per target. In these cases, a message is displayed when you click through to the issue details page.

Severity

This is the vulnerability severity level. The options are:

  • Critical
  • High
  • Medium
  • Low
  • Information
  • Best Practice

For more information, refer to Vulnerability Severity Levels.

Target Group

This is the name of the target group that the scanned target belongs to.

Target

This is the name of the scanned target website.

URL/File

This is the URL or file path of the detected issue.

First Seen

This is the date and time the issue was first detected.

Last Seen

This is when the issue was most recently detected.

Tags

These are labels you can apply to group issues together or give additional context.

For more information, refer to Tagging issues in Invicti Enterprise.

Assignee

This is the name of the person to whom the issue has been assigned. It may be:

  • The technical contact for the scanned target website
  • The team member who initiated the scan
  • Any other member of the team

Retestable

This indicates whether the issue can be retested. For more information, refer to Managing Issues.

Source Type

This is the scan type that detected the vulnerability, for example Invicti DAST or Mend SAST.

Status

This indicates the current status of the issue. All issues are initially marked as Present. The status options are:

  • Present: This indicates that the issue has been detected.
  • Accepted Risk: This indicates that the issue has been considered and marked as a low-risk vulnerability.
  • False Positive: This indicates that the issue has been considered and marked as not a genuine vulnerability.
  • Fixed (Unconfirmed): This indicates that the issue has been fixed but not confirmed by Invicti Enterprise.
  • Fixed (Confirmed): This indicates that the issue has been fixed, and Invicti Enterprise has confirmed it is no longer present; therefore, it requires no further action.
  • Fixed (Can't Retest): This indicates that the issue has been found, but Invicti Enterprise cannot retest to confirm whether it has been fixed.
  • Ignored: This indicates that the issue was marked as ignored by a user. In Invicti Enterprise, to ignore an issue, you update its status to "accepted risk".
  • Revived: This indicates that the issue had been fixed in previous scans but is now present again.
  • Scanning: This indicates that Invicti Enterprise is currently scanning the vulnerability.

Filtering issues

Each of the columns described above can be used to filter the issues table to create a view of the information according to your preferences. For more information, refer to Using filters in Invicti Enterprise.

Actioning issues

The following linked pages provide more detailed information about the actions you can take for each of your issues:

For more information about the issue lifecycle, refer to Managing Issues.