...
To mark a Result State, use the Result State drop-down menu, located in the upper-left corner of the above screen.
The following pre-defined result states are provided in the Result State drop-down menu:
...
To Verify (default) – instance requires verification (i.e. authorized user)
Not Exploitable – instance has been confirmed as not exploitable (i.e. false positive). Instances defined with this state are not represented in the scan summary, graph, reports or dashboard, etc.
Proposed Not Exploitable – instance has been proposed as not exploitable (i.e. potential false positive). Instances defined with this state are represented in the scan summary, graph, reports or dashboard, etc. until such a time that the state is changed to “Not Exploitable"
Confirmed – instance has been confirmed as exploitable and requires handling
Urgent – instance has been confirmed as exploitable and requires urgent handling.
...
If a user requires additional states or prefers states with different terminology, user-defined custom result states can be added. The user-defined custom states will be added to the Result State drop-down menu.
...
To add user-defined
...
custom
...
User-defined custom result states can be added as followsresult states do the following:
Open the CxSAST database.
Open the Translations table.
Add a new record to the Translations table with new result state.
Open the Result States table.
Add a new record to the Result States table.
Restart the CxSystemManager service.
If you are creating more than one new custom result state, also run IISRESET.
Login to CxSAST Web portal.
Go to Access Control-->Roles.
Click Add new role. The new custom result state is displayed on the list of roles.
...