Findings

Referenceable fields for Findings

Iterating Over FINDINGS

The easiest way to iterate over findings is via a for-loop. Findings are categorized by criticality, so each iteration at this level resolves to an object that contains the CRITICALITY of the findings in that collection, as well as the findings collection itself.

{%p for finding in FINDINGS %}

Title

The title of a finding object may be referenced via the title field.

{{ finding.title }}

Status

The status of a finding object may be referenced via the status field.

{{ finding.status }}

Severity

The severity of a finding object may be referenced via the severity field.

{{ finding.severity }}

Description

The description of a finding object may be referenced via the description field. Adding a "p" after the first double-curly braces will prevent an unwanted newline. This method only works for rich-text fields and will cause errors if used with plain-text fields.

{{p finding.description }}

Exhibits

The easiest way to iterate over exhibits (screenshots and code samples uploaded in the dedicated tab when editing a finding) in a finding is via a for-loop. Each exhibit contains caption and path fields.

{%p if finding.exhibits %}
{%p for exhibit in finding.exhibits %}
{%p if exhibit.caption %}
{{ exhibit.caption }}
{%p endif %}
{%p if exhibit.path %}
{{ exhibit.path }}
{%p endif %}
{%p endfor %}
{%p endif %}

Code Samples

The easiest way to iterate over code_samples in a finding is via a for-loop. Each code sample contains caption and code fields.

{%p if finding.code_samples %}
{%p for sample in finding.code_samples %}
{%p if sample.caption %}
{{ sample.caption }}
{%p endif %}
{%p if sample.code %}
{{ sample.code }}
{%p endif %}
{%p endfor %}
{%p endif %}

Affected Assets

The easiest way to iterate over affected_assets in a finding is via a for-loop. Each affected asset is a string and therefore contains no additional fields.

{%p if finding.affected_assets %}
{%p for asset in finding.affected_assets %}
{{ asset }}
{%p endfor %}
{%p endif %}

Recommendations

The easiest way to iterate over recommendations in a finding is via a for-loop. Each recommendation is a string and therefore contains no additional fields.

{%p if finding.recommendations %}
{%p for recommendation in finding.recommendations %}
{{ recommendation }}
{%p endfor %}
{%p endif %}

References

The easiest way to iterate over references in a finding is via a for-loop. Each reference is a string and therefore contains no additional fields.

{%p if finding.references %}
{%p for reference in finding.references %}
{{ reference }}
{%p endfor %}
{%p endif %}

Custom Fields

Custom fields are referenced by their key in the fields object. Each custom field contains a label and value that may then be referenced.

{%p if finding.fields and finding.fields.key and finding.fields.key.value %}
{{ finding.fields.key.label }}: {{ finding.fields.key.value }}
{%p endif %}

Scores

The scores custom field is a special field that may be included in each finding. Each score object contains general, cvss, and cvss3 objects. The general, cvss, and cvss3 objects each contain label, value, and calculation fields.

{%p if finding.fields and finding.fields.scores and finding.fields.scores.cvss3 and finding.fields.scores.cvss3.value %}
CVSSv3: {{ finding.fields.scores.cvss3.value }}
Calculation: {{ finding.fields.scores.cvss3.calculation }}
{%p endif %}

Tags

{# This will display the title of the finding with the tags beneath it #}
{%p for group in FINDINGS %}
{%p for f in group.FINDINGS %}
{{ f.title }} {# Displays the title #}
{%p if f.tags %}
{%p for tag in f.tags %}
{{ tag }} {# Displays the tag #}
{%p endfor %}
{%p endif %}
{%p endfor %}
{%p endfor %}
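
Putting the fields above together, as an added example that is not part of the original documentation: a complete findings section that walks each criticality group and then each finding inside it. The loop variable names group and f follow the Tags example; the headings and labels ("Findings", "Severity:", "Affected Assets" and so on) are arbitrary choices.

```jinja
{# Outer loop: one object per criticality group #}
{%p for group in FINDINGS %}
{{ group.CRITICALITY }} Findings
{# Inner loop: the findings collection held by the group #}
{%p for f in group.FINDINGS %}
{{ f.title }}
Severity: {{ f.severity }}
Status: {{ f.status }}
{# Guard every level of the scores object before printing #}
{%p if f.fields and f.fields.scores and f.fields.scores.cvss3 and f.fields.scores.cvss3.value %}
CVSSv3: {{ f.fields.scores.cvss3.value }}
{%p endif %}
{# Rich-text field, so the "p" form is used #}
{{p f.description }}
{%p if f.affected_assets %}
Affected Assets
{%p for asset in f.affected_assets %}
{{ asset }}
{%p endfor %}
{%p endif %}
{%p if f.recommendations %}
Recommendations
{%p for recommendation in f.recommendations %}
{{ recommendation }}
{%p endfor %}
{%p endif %}
{%p if f.references %}
References
{%p for reference in f.references %}
{{ reference }}
{%p endfor %}
{%p endif %}
{%p endfor %}
{%p endfor %}
```

Each if guard keeps an empty list from leaving a stray heading in the rendered report, and every for and if is closed in the reverse order it was opened.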