Making Comments Mandatory on Result Severity State Change (v9.3.0 and up)

CxSAST offers the option to require adding comments when changing the state of a scan result in one of the following two modes:

  • Changing the state of a scan result to Not Exploitable
  • Changing the state of a scan result to any state.

This functionality is controlled by a flag in the CxSAST SQL database and is disabled by default. To enable it, update the respective SQL database table as explained below:

 1. On the database host, open Microsoft SQL Server Management Studio.

 2. Log in to the database. The database interface with the Object Explorer appears.


 3. Start a new query by clicking New Query. A new query interface appears.

 4. Copy the query below and paste it into the empty query interface.


 5. Once you have pasted the query into the query interface, click Execute. The database is updated.


To verify the current feature configuration:

  • Start a new query, copy the query below into the query interface and click Execute. The result is displayed in the Results tab as illustrated below.


In the screenshot above, you can see an example of a configuration where the mandatory comment has been turned on for all Result State changes.
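The following T-SQL is an added example that is not taken from the page or from Checkmarx; it shows the configure-then-verify sequence described above in one script. It assumes (not stated on the page) that dbo.CxComponentsConfiguration stores one row per setting with a [Key] column and a text [Value] column holding 'true' or 'false'. It enables the Not Exploitable mode only and leaves the all-states mode off; swap the two values to require a comment on every state change. The update runs inside a transaction that is rolled back if either key is missing, so a typo in a key name cannot silently leave the feature half-configured.

```sql
USE CxDB;
GO

-- Assumption (not on the page): settings are rows keyed by [Key] with a
-- text [Value] of 'true' / 'false'.
BEGIN TRANSACTION;

-- Mode 1: require a comment only when a result is set to Not Exploitable.
UPDATE dbo.CxComponentsConfiguration
SET [Value] = 'true'
WHERE [Key] = 'MandatoryCommentOnChangeResultStateToNE';

-- Mode 2: require a comment on every result state change (subsumes mode 1).
-- Kept at 'false' here; set to 'true' to require a comment for all changes.
UPDATE dbo.CxComponentsConfiguration
SET [Value] = 'false'
WHERE [Key] = 'MandatoryCommentOnChangeResultState';

-- Sanity check: both keys must exist, otherwise nothing is committed.
IF (SELECT COUNT(*)
    FROM dbo.CxComponentsConfiguration
    WHERE [Key] IN ('MandatoryCommentOnChangeResultState',
                    'MandatoryCommentOnChangeResultStateToNE')) <> 2
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected both MandatoryComment* keys in dbo.CxComponentsConfiguration; no changes applied.', 16, 1);
END
ELSE
    COMMIT TRANSACTION;
GO

-- Verification: current value of both keys, as shown in the Results tab.
SELECT [Key], [Value]
FROM dbo.CxComponentsConfiguration
WHERE [Key] LIKE 'MandatoryCommentOnChangeResultState%';
GO
```

The verification SELECT should return exactly two rows; a row count of one or zero means a key is spelled differently in your installation, in which case inspect the table as described in the manual check below before re-running the update.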


To verify the result manually:

 1. In the Object Explorer, expand the Databases folder and then expand CxDB.


 2. Under Tables, navigate to dbo.CxComponentsConfiguration.


 3. Right-click dbo.CxComponentsConfiguration and select Select Top 1000 Rows from the menu.

 4. Navigate to MandatoryCommentOnChangeResultState and MandatoryCommentOnChangeResultStateToNE and check that the value of each configuration key is set to true or false as desired.

  • MandatoryCommentOnChangeResultState: When set to true, a comment is required for any result state change.
  • MandatoryCommentOnChangeResultStateToNE: When set to true, a comment is required when changing the result state to Not Exploitable. All other result state changes do not require a comment.


 5. Save your changes, if not already done.

 6. Exit the database. To do so, go to the File menu and select Exit.