Findings
A finding is a vulnerability that a pentester reports during a pentest. Pentesters describe the vulnerabilities that they found during the pentest and provide recommendations on how to fix them.
Once your pentest goes Live, pentesters start testing your asset. You get updates from pentesters in a dedicated Slack channel and in the Pentester Updates sidebar.
Note
You can manage findings using the Cobalt API. Learn more in our API documentation.Organization View
To view all findings reported on all pentests within your organization, navigate to the Findings page. You need an Organization Owner or Member role to view this page.
Note
Organization Members will be limited in their Findings view, depending on group
Here, you can filter findings by:
- Finding severity level
- Finding state
- Associated assets
- Associated pentests
- Vulnerability type, from criteria such as the OWASP Top 10 list
- Retest end date
You can download findings in a CSV file based on applied filters.
Pentest View
To view findings reported on a specific pentest, on the pentest page, navigate to the Findings tab.
Here, you can filter findings by:
- Finding state
- Finding severity level
- Vulnerability type, from criteria such as the OWASP Top 10 list
- Assignee, if pentesters or someone from your organization assigned the finding
- Label, if pentesters or someone from your organization applied a label
You can download findings in a CSV file based on applied filters.
Last modified November 14, 2024