Reporting
The reporting tab of the application details section lets you generate various reports. Currently, Qwiet AI generates the following reports:
- SBOM: displays the application's software bill of materials, including all of the packages and dependencies used, as well as the known vulnerabilities introduced into the application by each dependency and the associated risks;
- OWASP 2021: displays the number of issues found for each OWASP 2021 category;
- OWASP 2017: displays the number of issues found for each OWASP 2017 category;
- PCI Report: displays information covering the application security-specific portions of the Payment Card Industry (PCI) Data Security Standard (DSS) v3.2.1. Qwiet AI focuses on seventeen specific requirements across sections 3, 4, and 6 of PCI DSS and whether your app complies with each requirement.
- CWE: displays information about the CWEs in your application (if present) and the associated findings
Use the View report dropdown menu to switch between the report types.
- SBOM
- OWASP 2021
- OWASP 2017
- PCI DSS
- CWE
The SBOM report provides you with a list of dependencies used by your application, along with:
- The dependency version;
- The dependency type;
- The license type;
- The total number of CVEs introduced by the dependency, along with the number of reachable CVEs;
- When the dependency was first identified as present in your application.
If the dependency introduces CVEs, you can click on its name to see a list of all associated vulnerabilities.
Export the SBOM
You can export the SBOM generated by preZero in various standards and formats, including:
| Standard | Version | Output types |
|---|---|---|
| CycloneDX | v1.2 | XML and JSON |
| CycloneDX | v1.4 | XML and JSON |
| SPDX | 2.3 | XML, JSON, tag values |
To export the SBOM, click Export. Select the findings type and licenses you'd like included, then click Export Report to select the standard and format of your choice.
The OWASP 2021 report displays the number of findings in your application for each OWASP category (e.g., 10 total issues for A01 - Broken Access Control).
For each OWASP category, Qwiet AI displays the full list of issues encompassed by that category and whether that issue is present in your application. Clicking on the hyperlink will take you to a list of findings for that specific issue type (e.g., when you click on the Directory Traversal hyperlink, Qwiet AI will display a full list of findings indicating where in your source code this issue is present).
The OWASP 2017 report displays the number of findings in your application for each OWASP category (e.g., 3 total issues for A1 - Injection).
For each OWASP category, Qwiet AI displays the full list of issues encompassed by that category and whether that issue is present in your application. Clicking on the hyperlink will take you to a list of findings for that specific issue type (e.g., when you click on the HTTP Header Injection hyperlink, Qwiet AI will display a full list of findings indicating where in your source code this issue is present).
The PCI report covers eighteen application security-specific requirements spread across sections 3, 4, 6, and 10 of PCI DSS v3.2.1 and indicates whether your app complies with these requirements.
To obtain your report, click Export Report and indicate if you'd like to Export as PDF or Export as HTML.
The CWE report displays a list of CWEs and indicates whether those issues are present in your application. If a particular CWE is present in your application, you'll see information about the findings that introduced the issue.
To export your data, click Export Report and indicate if you'd like to Export as PDF or Export as HTML.
