IAST Tools Mapping
The tables below show the triage and severity status mappings for all of the IAST tools that are supported by Software Risk Manager.
Tools are listed alphabetically. Tool results are mapped to the Software Risk Manager status shown at the top of each column. (A blank cell indicates that an equivalent status value is unavailable or undefined.)
IAST Tool | Critical | High | Medium | Low | Info | Unspecified |
---|---|---|---|---|---|---|
Checkmarx (IAST) | Critical / 4 | High / 3 | Medium / 2 | Low / 1 | Informational / 0 | Unspecified, Unknown |
Contrast | Critical | High | Medium | Low | Note | |
HCL AppScan on Cloud | Critical | High | Medium | Low | Information | |
NowSecure Workstation | | | | | | |
Q-MAST | CRITICAL | HIGH | MEDIUM | LOW | | |
Synopsys Seeker | critical | high | medium | low | informational | |

IAST Tool | Ignored | False Positive | To Be Fixed | Mitigated | Fixed | Reopened |
---|---|---|---|---|---|---|
Checkmarx (IAST) | NOT_A_PROBLEM | CONFIRMED | REMEDIATED | |||
Contrast | URL access limited or internal security control | False Positive | Confirmed or Suspicious | Remediated | ||
HCL AppScan on Cloud | noise | passed | fixed | reopened | ||
NowSecure Workstation | | | | | | |
Q-MAST | | | | | | |
Synopsys Seeker | Ignored / Won't Fix / Intentional, Archived | False Positive | Fixed |