This guide shows you how to manage the defects of delivery audits.
Under the Life Cycle module, select Deliveries to access and manage delivery audits, files, and defects, and to export audit reports in PDF and CSV format.
Click the Status icon to access the Audit module for every delivery. Also, you can access the Files module by clicking the Files value of the delivery.
Deliveries Audit
Click the Status icon (/
) of a delivery to open the Audit results for that delivery, which includes the Overall Result, Checkpoints passed and the reached thresholds, the Audit Score, and detected Defects. For more information on Audit results, visit Audits Management - Audit Results Page.
In addition, you can access other important modules of your deliveries by clicking the menu icon located next to the module title:
Pushing Audit results to TestRail
By integrating Kiuwan SAST (Static Application Security Testing) directly into TestRail, teams bring security findings into the same lifecycle as functional and regression tests, creating a unified view of application health. This approach, known as Quality Through Security, empowers QA and DevSecOps teams to detect, track, and remediate vulnerabilities as part of their everyday testing workflows.
Prerequisites
Before uploading Audit results, you must first establish a connection between Kiuwan and your TestRail account. For instructions, refer to the Integrations tab in Kiuwan (TestRail connection setup).
Send Audit results to TestRail
- Go to Life Cycle > Deliveries and open the Audit results for a delivery (click the Status icon).
- In the Audit results page, open the menu icon next to the module title.
-
Select Send to TestRail.
After you click Send to TestRail, Kiuwan displays a pop-up where you define where the results will be uploaded in TestRail:- Select project
- Select test suite
- Test run title (optional). If you leave this field blank, TestRail automatically generates a title for the test run.
- Click Send to TestRail to upload the Audit results.
Once you click Send to TestRail, the Audit results are sent to TestRail for processing. When processing is complete, TestRail sends an email containing a link to the TestRail location where the results were created.
View results in TestRail
After processing, you can open the link from the TestRail email to view the created test run and the imported results in TestRail.
Deliveries Files
You can access Files by selecting Files in the menu icon, as mentioned previously.
This screen displays a complete list of files included in the delivery. For every file, it shows the absolute metrics of each file:
- Lines of code
- Useful lines of code
- Global indicator
- Defects
- Effort (h)
It also shows metrics relative to the same file when it was analyzed as part of the application baseline:
- New defects: Number of new defects in this file compared to the baseline analysis
- New effort (h): Effort associated with these new defects
Deliveries Defects
Click the menu icon located next to the module title and select Defects to open the defects details for the delivery.
The defects are organized into three sections:
-
New defects: This section shows the total number of new defects that the delivery has introduced in the application (as compared to the baseline). These new defects may come from two sources:
- Defects found in the delivery files that did not appear when they were analyzed in the baseline, and
- Defects found in new files, i.e., files that were not part of the baseline
-
Removed defect: This section shows the number of defects that this delivery has removed from the baseline. The scope of the delivery affects how removed defects are calculated:
- In the case of a Partial delivery, the defect calculation is based on the comparison between the defects found in the delivery files and the defects of the same files when analyzed in the baseline.
- In case of a Complete delivery, removed defects will also include those defects of files that were analyzed in the baseline but are not part of the delivery. As the delivery is complete, the analysis assumes that those files are not part of the application anymore so their associated defects have been implicitly removed.
- Defects: This section shows the total number of defects found in the delivery files.
If there is no baseline analysis for your delivery, all defects will appear as new defects.
You can find more information about the detected defects of the delivery, including Rule name, Rule information, Priority, CWE, Characteristic, Vulnerability type, Language, Effort, and additional options.
Deliveries Components
The Components are organized into four sections:
- New components
- Removed components
- Modified components
- All components
Every section lists components and organizes them by Component name, Vulnerabilities number, Version number, Filename, Language, Obsolescence risk, License risk, and Security risk.
The obsolescence, license, and security risk are identified by a severity label based on their values.
To review more information on the components, expand each one to review the list of vulnerabilities, a description, and the severity of each one. Each vulnerability and CWE is linked to its official documentation.
Export PDF or CVS
Select PDF or CSV to export the Audit report. This report includes the Audit, checkpoint information, and checkpoint details.