Static Code Finding Data Model
The Static Code Finding data model represents a security finding identified using the Static Application Security Testing (SAST) methodology. It extends the Finding data model.
The following table details the default attributes of the Static Code Finding data model:
| Attribute Name | Attribute Type | Relationship Type | Required |
|---|---|---|---|
ageInDays | Calculated (Number) | N/A | No |
approvedExceptionRequest | Calculated (True False) | N/A | No |
approvedFalsePositiveRequest | Calculated (True False) | N/A | No |
approvedRemediationValidationRequest | Calculated (True False) | N/A | No |
approvedRiskAcceptanceRequest | Calculated (True False) | N/A | No |
assessment | Reference (Assessment) | DISCOVERED_IN | No |
attachments | Attachments | N/A | No |
baseRiskScore | Calculated (Number) | N/A | No |
categories | Text (Multivalued) | N/A | No |
cisaDueDateExpired | Calculated (True False) | N/A | No |
codeSnippet | Text Area | N/A | No |
comments | Comments | N/A | No |
complianceStatus | Calculated (Single Choice) | N/A | No |
confidence | Single Choice | N/A | No |
connectorCategories | Text (Multivalued) | N/A | No |
connectorNames | Text (Multivalued) | N/A | No |
createdBy | Text | N/A | No |
dataIntegrationTitles | Text (Multivalued) | N/A | No |
dataModelName | Calculated (Text) | N/A | No |
dateCreated | Date Time | N/A | No |
daysToFix | Calculated (Number) | N/A | No |
description | Text Area | N/A | No |
displayName | Calculated (Text) | N/A | Yes |
dueDate | Calculated (Date Time) | N/A | No |
extendedDueDate | Date Time | N/A | No |
fileName | Text | N/A | No |
firstFound | Date Time | N/A | No |
flowState | Text | N/A | No |
informedUsers | Category (Informed user) | INFORMED_OF | No |
languages | Text (Multivalued) | N/A | No |
lastFixed | Date Time | N/A | No |
lastFound | Date Time | N/A | No |
lastUpdated | Date Time | N/A | No |
lifecycleInactiveDate | Calculated (Date Time) | N/A | No |
lifecyclePurgeDate | Calculated (Date Time) | N/A | No |
lifecycleStatus | Calculated (Single Choice) | N/A | No |
method | Text | N/A | No |
name | Text | N/A | No |
remediationOwner | Category (Remediation owner) | OWNS_REMEDIATION | No |
remediationSLA | Number | N/A | No |
results | Text | N/A | No |
riskFactorOffset | Calculated (Number) | N/A | No |
riskFactors | Risk Factors | N/A | No |
riskOwner | Category (Risk owner) | OWNS_RISK | No |
riskRating | Calculated (Singe Choice) | N/A | No |
riskScore | Calculated (Number) | N/A | No |
riskScoringModel | Risk Scoring Model | N/A | No |
severity | Single Choice | N/A | No |
sla | Calculated (Number) | N/A | No |
slaDefinition | SLA | N/A | No |
slaLevel | Calculated (Text) | N/A | No |
sourceStatus | Single Choice | N/A | No |
sourceUids | Text (Multivalued) | N/A | No |
sources | Reference (Source model) | SOURCED_FROM | No |
sourcesIcons | Source data models icons | N/A | No |
status | Calculated (Single Choice) | N/A | No |
statusCategory | Calculated (Single Choice) | N/A | No |
statusConfigurationModel | Status Configuration Model | N/A | No |
summary | Text | N/A | No |
targets | Reference (Asset) | HAS | No |
type | Reference (Static code finding definition) | IS | No |
uid | Text | N/A | Yes |
updatedBy | Text | N/A | No |
FOOTNOTES
- The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
- In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome. For additional information, see Calculated attributes.
- In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
- The Relationship Type column only applies to the Category and Reference type attributes. You can use the relationship type keyword in BQL queries.