Modify the Severity of Findings for Python Applications

This article shows how to use ShiftLeft's finding-modifications feature to change the severity assigned to a class of findings after the initial code analysis, so that a downgrade (or upgrade) approved by your AppSec team is applied automatically on every scan instead of by hand in the UI.

Prerequisites

We assume that you have a GitHub repo that you're scanning using NG SAST.

Step 1: Create the Configuration File

In the root directory of the repository, create a configuration file called ngsast.yaml with the following content. The rule name listed under modify-findings must match a key defined under finding-modifications; indentation matters, since the file is YAML:

ngsast:
  - app:
      name: shiftleft-python-example
      modify-findings:
        - downgrade_sqli
    finding-modifications:
      downgrade_sqli:
        # Use filter to specify the category of findings this rule applies to
        filter:
          category:
            - SQL Injection
        # Specify the value for the tags, such as cvss_score or severity, that you would like to set
        # Optionally, you can add a custom tag (e.g. a tag recording the reason a vuln is
        # marked as such)
        tags:
          - key: cvss_score
            value: 5
          - key: severity
            value: moderate
          - key: reason
            value: appsec_approved

Step 2: Run the Action

No extra step is needed in the workflow. When sl analyze runs as part of your Action, ShiftLeft reads ngsast.yaml and looks for rules defined under finding-modifications. If any are present and enabled under the app's modify-findings list, the matching findings are modified on every run.

Testing Your Changes

Once your workflow runs with this configuration, every finding in the SQL Injection category is tagged with a severity of moderate (and a cvss_score of 5) instead of critical, and carries the custom reason tag appsec_approved. Findings in other categories are not affected.
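To make the effect of the rule concrete before a real scan runs, the following is an added example (not ShiftLeft's code and not part of the original article) that models how a finding-modifications rule is applied: the config is the same structure as the ngsast.yaml above expressed as a Python dict, and the findings are constructed sample data in an assumed shape (a category string and a tags dict). It also performs the one check most worth having, that every name under modify-findings is actually defined under finding-modifications.

```python
"""Model of how a finding-modifications rule is applied to scan results.

Added example for this article; it is not ShiftLeft's implementation. The
CONFIG dict mirrors the ngsast.yaml in Step 1, and FINDINGS is constructed
sample data in an assumed shape (a 'category' string and a 'tags' dict).
"""
from copy import deepcopy

# Same structure as the ngsast.yaml in Step 1, expressed as a Python dict.
CONFIG = {
    "ngsast": [
        {
            "app": {
                "name": "shiftleft-python-example",
                "modify-findings": ["downgrade_sqli"],
            },
            "finding-modifications": {
                "downgrade_sqli": {
                    "filter": {"category": ["SQL Injection"]},
                    "tags": [
                        {"key": "cvss_score", "value": 5},
                        {"key": "severity", "value": "moderate"},
                        {"key": "reason", "value": "appsec_approved"},
                    ],
                }
            },
        }
    ]
}

# Constructed sample findings (assumed shape, not real scan output).
FINDINGS = [
    {"id": 1, "category": "SQL Injection",
     "tags": {"severity": "critical", "cvss_score": 9.8}},
    {"id": 2, "category": "Cross-Site Scripting",
     "tags": {"severity": "critical", "cvss_score": 9.0}},
    {"id": 3, "category": "SQL Injection",
     "tags": {"severity": "high", "cvss_score": 8.5}},
]


def select_rules(app_entry):
    """Return the rules the app enables, in modify-findings order.

    A name listed under modify-findings but absent from finding-modifications
    is a configuration error, so fail loudly rather than silently skip it.
    """
    enabled = app_entry["app"].get("modify-findings", [])
    defined = app_entry.get("finding-modifications", {})
    missing = [name for name in enabled if name not in defined]
    if missing:
        raise ValueError(f"modify-findings references undefined rules: {missing}")
    return [(name, defined[name]) for name in enabled]


def matches(finding, flt):
    """A finding matches when, for every filter field, its value is in the allowed list."""
    return all(finding.get(field) in allowed for field, allowed in flt.items())


def apply_modifications(config, findings):
    """Apply each enabled rule's tags to every finding its filter matches.

    Existing tags (severity, cvss_score) are overwritten and new ones (reason)
    are added, so the custom tag lands next to the changed severity. Findings
    that match no filter are returned unchanged; the input list is not mutated.
    """
    result = deepcopy(findings)
    for app_entry in config["ngsast"]:
        for _name, rule in select_rules(app_entry):
            for finding in result:
                if matches(finding, rule["filter"]):
                    for tag in rule["tags"]:
                        finding["tags"][tag["key"]] = tag["value"]
    return result


if __name__ == "__main__":
    for f in apply_modifications(CONFIG, FINDINGS):
        print(f["id"], f["category"], f["tags"])
```

Running it shows the two SQL Injection findings downgraded to moderate with cvss_score 5 and reason appsec_approved, while the Cross-Site Scripting finding keeps its original tags; this is the same before/after difference you should see in the ShiftLeft UI once the Action has run.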

Before: SQL Injection vulnerabilities marked as critical (screenshot: Before Modification).

After: SQL Injection vulnerabilities marked as moderate (screenshot: After Modification).