Rule Identifying Information

The identifying information for a rule includes severity, CWE, and a description. These fields are all optional. When provided, they will alter the corresponding values for findings associated with that rule.

Each rule's identifying information is collapsed by default. To expand it, click the dropdown configuration icon and select View Details.

If you have the admin role, you can edit an existing rule's identifying information (aside from the read-only Software Risk Manager rule set).

To rename a rule, click on its name to open an edit window. Enter a new name then press Enter.

To change the severity, CWE, or description for a rule, expand the identifying information section, then click the pencil icon next to the corresponding header. This will activate an inline form allowing you to make changes to the value. Once you've set the desired value, click Save to apply the change. Click Cancel o discard your changes without saving.

You can add criteria from editable rules via the forms at the bottom of each rule's criteria list.