Allow display of scan results to be based on areas of risk

Problem to solve

Results of scanners can be high in volume and high in noise.

To help customers better target their attention, we should allow them to identify areas of code and the associated risk, for example as defined in their threat model, and use that to influence the display of the results.

For example, we might allow filtering out all results not related to a high-threat area, and then sort the results by severity (CVSS2/CVSS3) within the high-threat areas.
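A sketch of the filter-then-sort display described above, added here as an illustration and not part of the original issue or any existing product code. The risk-area mapping, the finding fields, the default risk for unmapped paths and the v3-then-v2 score fallback are all assumptions.

```python
from fnmatch import fnmatchcase

# Hypothetical threat-model mapping (constructed): path glob -> risk level.
RISK_AREAS = [
    ("src/auth/*", "high"),
    ("src/auth/testdata/*", "low"),   # more specific glob overrides its parent
    ("src/payments/*", "high"),
    ("src/reports/*", "medium"),
]
DEFAULT_RISK = "low"  # assumption: code outside the threat model is low risk

# Constructed sample findings; field names are illustrative, not a real schema.
FINDINGS = [
    {"id": "F1", "file": "src/auth/login.py", "cvss3": 7.5},
    {"id": "F2", "file": "docs/build.py", "cvss3": 9.8},
    {"id": "F3", "file": "src/payments/charge.py", "cvss3": None, "cvss2": 9.0},
    {"id": "F4", "file": "src/auth/legacy/token.py", "cvss3": 5.3},
    {"id": "F5", "file": "src/reports/export.py", "cvss3": 8.1},
    {"id": "F6", "file": "src/payments/util.py"},
    {"id": "F7", "file": "src/auth/testdata/fixture.py", "cvss3": 9.1},
]

def risk_for(path, areas=RISK_AREAS):
    """Return the risk level of the longest (most specific) matching glob."""
    matches = [(len(glob), risk) for glob, risk in areas if fnmatchcase(path, glob)]
    return max(matches, key=lambda m: m[0])[1] if matches else DEFAULT_RISK

def score(finding):
    """Prefer the CVSS v3 score, fall back to v2; unscored findings sort last."""
    for key in ("cvss3", "cvss2"):
        if finding.get(key) is not None:
            return finding[key]
    return -1.0

def display(findings, show=("high",)):
    """Keep findings in the selected risk areas, ordered by descending severity."""
    kept = [f for f in findings if risk_for(f["file"]) in show]
    return sorted(kept, key=score, reverse=True)

if __name__ == "__main__":
    for f in display(FINDINGS):
        print(f["id"], risk_for(f["file"]), score(f), f["file"])
```

Note that F2 and F7 carry the highest scores in the sample but are hidden because they sit outside the high-threat areas, which is the trade-off this display mode makes.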

Intended users

Further details

Proposal

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references
