Mitigating Flaws in Sandbox Scans

Developer Sandbox

You can mitigate flaws found in sandbox scans.

You can validate the security of your application on a developer sandbox scan before you submit a policy scan that counts towards your policy compliance score. Alternatively, you have the option to promote a sandbox scan to a policy scan that counts toward your policy compliance score.

To view which flaws in your sandbox scan affect your policy, select the Fix for Policy filter in the Triage Flaws page of your scan results.

If you choose to use the promote functionality, designate one sandbox for promotion purposes. Apply all mitigations to the latest scan of the complete application in the sandbox designated for promotion, and only promote from that sandbox. When you are satisfied with the security posture of the application scanned in the designated developer sandbox, you can promote its most recent scan to policy. You can create other sandboxes to test newer versions of your application, or individual components of an application, but it is recommended that you do not promote from these sandboxes when you use the promote functionality.

When you promote a sandbox scan to a policy scan, any mitigations of flaws found in the sandbox scan are also promoted, regardless of whether the mitigation status is proposed, rejected, or accepted. Sandbox scans inherit accepted mitigations from previous scans of the same application in that sandbox. When you promote a sandbox scan, the mitigation status of each individual flaw in the promoted scan becomes the mitigation status of that flaw in the policy scan.