Xcalscan User Manual (Release 2.0.0)

Scan Results

10.2 Detailed List of Defects

latest update: 2021-06-17

Xcalscan shows a detailed list of the defects that have been detected in the scan result. These defects can be viewed categorized by standard, ruleset, and/or custom-developed rules. You can filter defects using the filtering system in the right-hand pane on the scan results page. The filtering system is described in detail in section 10.4.

The detailed results can be sorted by category wherever there is an up/down arrow next to the category. You can choose to view 10, 15, 20 or 25 items per page.

The defects are displayed in a table that includes the following information:

Information Description
Colour-coded vertical bar: The risk assigned to the defect is highlighted on the left. Red is high, orange is medium and blue is low.
ID: The identification number assigned to the defect by Xcalscan. This number enables you to track and search for the defect when it is being managed, assigned, or viewed in CI/CD tools or an IDE.
Type: Describes the type of rule for the defect within the category that is being viewed. For example, when viewing the CERT standard it will list the rule name of the defect as assigned by the SEI CERT C Coding Standard.
Description: Gives more information on the rule type. The description is shortened in the normal view and a mouseover on the defect will open the description to reveal a more detailed explanation of the defect.
Rule & Standard: Refers to a standard or ruleset that the rule belongs to. In some cases, a rule may belong to multiple standards or rulesets and Xcalscan will list all possible categories for that rule in the table.
File: Lists the file name for that defect.
Line: Lists the line number in the file for that defect.
Function: Identifies the function name that is related to the defect.
Variable: Identifies the variable name for that defect.
Path: Displays the number of trace paths included in the defect as it moves through the files from the source to its final destination. The complexity of the trace path is shown by the coloured index that circles the number. Blue is low complexity, orange is medium complexity, and red is high complexity.
Assignee: Shows if the defect has been assigned for remediation or is currently still unassigned.