Modify the severity of findings for Python applications

This article will show you how to use Qwiet's modifying findings feature to change the vulnerability's assigned severity level after initial code analysis.

Prerequisites

We assume that you have a GitHub repo that you're scanning using preZero.

Step 1: Create the configuration file

In the root directory, create a configuration file called ngsast.yaml that includes the following:

ngsast:
- app:
    name: shiftleft-python-example
    modify-findings:
      - downgrade_sqli

finding-modifications:
  downgrade_sqli:
    # Use filter to specify the category
    filter:
      category:
        - SQL Injection
    # Specify the value for the tags, such as cvss_score or severity,
    # that you would like to use. Optionally, you can add a custom tag 
    # (e.g, a tag indicating the reason a vuln is marked as such)
    tags:
      - key: cvss_score
        value: 5
      - key: cvss_31_severity_rating
        value: medium
      - key: severity
        value: moderate
      - key: reason
        value: appsec_approved

Step 2: Run the action

Qwiet will automatically check your config file for rules defined as finding-modifications. If this exists, Qwiet will modify your findings whenever you run sl analyze as part of your Action.

Testing your changes

Once you've implemented these changes, all identified SQL Injection vulnerabilities will be automatically marked with a status of medium instead of critical once your workflow runs.

Prerequisites​

Step 1: Create the configuration file​

Step 2: Run the action​

Testing your changes​

Prerequisites

Step 1: Create the configuration file

Step 2: Run the action

Testing your changes