Manage code weakness issues

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-04
Category: Administrator Guide
Abstract

Ingest third-party SAST findings to create actionable issues, enabling you to prioritize and track remediation and enhancing your security posture.

SAST code weakness scanners safeguard your applications by analyzing custom source code for security flaws that could be exploited in production, such as injection vulnerabilities, authentication bypasses, insecure cryptographic usage, and unsafe data handling. By detecting these weaknesses while code is being written and reviewed, before it is deployed, a SAST scanner closes the gap between development practices and production security posture, stopping injection attacks, cross-site scripting, insecure deserialization, and other OWASP Top 10 risks from silently propagating into live environments.

Cortex Cloud does not currently include a native SAST scanner. Instead, you ingest Static Application Security Testing (SAST) findings from supported third-party vendors. These findings are raw security observations produced by your external scanners; Cortex Cloud enriches and prioritizes them to produce actionable code weakness issues with remediation guidance.

Supported SAST vendors

Currently, Application Security supports SAST data integration from the following vendors:

In addition, you can upload SAST findings in SARIF format from Generic collectors.
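The following Python is an added example, not Cortex code and not from this page: it builds a SARIF 2.1.0 log of the kind a Generic collector accepts, with each result tied to a declared rule, a CWE tag, and a file plus line location, and it checks the fields a consumer needs before an issue can be created from a result. The scanner name, rule IDs, file paths, and the two findings are constructed for illustration; the `external/cwe/cwe-NNN` tag convention is one that several SAST tools use, and the upload step to the collector itself is not covered here.

```python
"""Build and sanity-check a minimal SARIF 2.1.0 log (constructed example).

Not Cortex code. Scanner name, rule IDs, paths and findings are invented.
"""
import json

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"

# Constructed findings, in the shape a hypothetical in-house scanner emits.
SAMPLE_FINDINGS = [
    {
        "rule_id": "SQLI-001",
        "name": "SQL injection via string formatting",
        "cwe": 89,
        "severity": "error",
        "path": "src/accounts/views.py",
        "line": 42,
        "column": 5,
        "message": "User input flows into a SQL query without parameterization.",
    },
    {
        "rule_id": "CRYPTO-003",
        "name": "Use of MD5 for password hashing",
        "cwe": 327,
        "severity": "warning",
        "path": "src/auth/hashing.py",
        "line": 17,
        "column": 12,
        "message": "MD5 is not a suitable password hash.",
    },
]


def build_sarif(findings, tool_name="example-sast", tool_version="0.1.0"):
    """Return a SARIF 2.1.0 dict with one run and one result per finding."""
    rules = {}
    results = []
    for f in findings:
        # Each rule is declared once in tool.driver.rules; results refer to it by id.
        rules.setdefault(f["rule_id"], {
            "id": f["rule_id"],
            "name": f["name"],
            "shortDescription": {"text": f["name"]},
            "defaultConfiguration": {"level": f["severity"]},
            # Tag convention used by several scanners so consumers can map rule -> CWE.
            "properties": {"tags": [f"external/cwe/cwe-{f['cwe']}"]},
        })
        results.append({
            "ruleId": f["rule_id"],
            "level": f["severity"],
            "message": {"text": f["message"]},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {"uri": f["path"], "uriBaseId": "%SRCROOT%"},
                    "region": {"startLine": f["line"], "startColumn": f["column"]},
                }
            }],
        })
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


def check_sarif(doc):
    """Return problems that would leave a result without enough data for an issue:
    an undeclared ruleId, an empty message, or no file/line to anchor it to."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("version must be 2.1.0")
    for ri, run in enumerate(doc.get("runs", [])):
        driver = run.get("tool", {}).get("driver", {})
        rule_ids = {r["id"] for r in driver.get("rules", [])}
        for i, res in enumerate(run.get("results", [])):
            where = f"runs[{ri}].results[{i}]"
            if res.get("ruleId") not in rule_ids:
                problems.append(f"{where}: ruleId {res.get('ruleId')!r} not in driver.rules")
            if not res.get("message", {}).get("text"):
                problems.append(f"{where}: missing message.text")
            locs = res.get("locations") or []
            phys = locs[0].get("physicalLocation", {}) if locs else {}
            if not phys.get("artifactLocation", {}).get("uri"):
                problems.append(f"{where}: missing artifactLocation.uri")
            if not phys.get("region", {}).get("startLine"):
                problems.append(f"{where}: missing region.startLine")
    return problems


def cwe_ids(doc):
    """Collect the CWE numbers tagged on the run's rules, e.g. {89, 327}."""
    out = set()
    for run in doc["runs"]:
        for rule in run["tool"]["driver"]["rules"]:
            for tag in rule.get("properties", {}).get("tags", []):
                if tag.startswith("external/cwe/cwe-"):
                    out.add(int(tag.rsplit("-", 1)[1]))
    return out


if __name__ == "__main__":
    sarif = build_sarif(SAMPLE_FINDINGS)
    assert not check_sarif(sarif)
    print(json.dumps(sarif, indent=2))
```

Run it to print the log to stdout and redirect into a `.sarif` file. The `check_sarif` pass is worth running on any third-party export before upload: a result whose `ruleId` is not declared in `tool.driver.rules`, or that has no physical location, will survive JSON validation but gives the consumer nothing to prioritize or to route to a repository.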

Core achievements
  • Shifting security left: Detecting code weaknesses during development, before vulnerable code is deployed, reduces the cost and risk of post-deployment remediation

  • Reducing code weakness noise: Urgency-based prioritization isolates the code weaknesses that affect deployed, internet-exposed, or business-critical assets from low-risk findings in development environments. CWE classification and data flow analysis further distinguish exploitable weaknesses from theoretical risks

  • Accelerating remediation: Automated fix suggestions and manual remediation guidance enable developers to resolve code weaknesses directly in the source repository without context-switching to external tools

  • Establishing compliance baselines: Mapping code weaknesses to CWE identifiers and OWASP Top 10 categories provides auditable evidence for assessments against OWASP Top 10, OWASP ASVS, NIST SSDF, and organizational secure coding standards

Prerequisites

Before viewing and acting on code weakness issues, verify the following:

License: An active Cortex Cloud license with Application Security entitlements.

RBAC role: The AppSec Admin or SOC Analyst role, or an equivalent custom role with issue management permissions.

VCS integration: At least one version control system (GitHub, GitLab, Bitbucket, or Azure DevOps) integrated and active.

SAST scanner: A supported third-party SAST scanner integrated and enabled for the target repositories, or SARIF findings available to upload through a Generic collector.

Periodic or PR scan: At least one completed periodic scan or PR scan that includes SAST scanning results.