Examples
Examples are additional data points stored against an asset and a finding. An example is an instance of a finding relating to an asset. This serves as the evidence to prove a finding or to help a client reproduce the issue.
Examples are generally expanded descriptions of issues that include screenshots, code samples, request/response data (from network communications such as HTTP proxy logs), etc.
Access control
Access to examples is based on access to the finding. If the user can access the finding, they can access the example content.
Listing examples
The example list is available on the finding view.
Note
Examples are nested under assets. An example can only be linked to a single asset. That is, the example is the instance of a finding relating to the asset. An asset can have multiple examples associated with it, however.
Adding/editing examples
Adding an example is carried out from the finding view by selecting the Example… option from the + ADD button’s menu. Once the edit window is open, the user can set the title, associate the example with an asset, and add any additional data points or detailed descriptions via the WYSIWYG field.
Outputting examples in reports
It is possible to include/exclude examples for reporting purposes. Selecting the example and setting it to output = yes/no will influence whether or not the example is output when generating a report. This can be useful in cases where you may have many examples, but only require a selection for illustration purposes.
By default, examples imported from tools are always set to output.
Deleting examples
Examples can be deleted from the finding view by selecting them and deleting them.