Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)
Add new issue rule
You can create issue criteria at either the global or the project level.
Issue criteria apply to both AppSec and Infra vulnerabilities. However, specific criteria like OWASP Top-10 or CWE are more AppSec-oriented and won't apply to most Infra vulnerabilities, which lack this information.
Global and project-level criteria
Only one issue criterion entered at the global level can be set as default, so that it's applied to all projects automatically. The default global issue criterion doesn't override project-level criteria but works alongside them.
For example, if there's a default issue criterion entered at the global level and a different one entered at the project level, Invicti AppSec checks both before deciding whether any vulnerabilities need to be assigned an issue on the issue manager.
Import global criteria
Global issue criteria that are not set as default can be imported under the Issue Assignment section in Project Settings.
Label associations
You can associate labels with global issue criteria. If a label associated with a global issue criterion is added to a project, that global issue criterion is automatically assigned to the project.
Edit imported criteria
You can edit global issue criteria imported to projects under project settings. However, the changes apply only to that specific project; the global criteria remain unchanged.
Infrastructure integration
When an Infra Group Name is added to the project, issue criteria run whenever scanning is triggered on that Infra Group Name.
How issue criteria work
- Define conditions: Set specific conditions that vulnerabilities must meet to trigger ticket creation
- Set scope: Apply criteria globally (as default or templates) or at the project level
- Associate labels: Link criteria to specific labels for automatic project assignment
- Import templates: Use non-default global criteria as quick templates for project setup
- Automatic execution: Criteria run during scan processing to create tickets for matching vulnerabilities