Upload Manual VA Reports

About this document


This document provides a step-by-step procedure to manually upload VA reports and see the results in SAFE.

Introduction


SAFE's manual VA upload functionality lets users bring in reports from VA tools: download a report from any VA tool, convert it into a format that SAFE supports, upload the report to SAFE, and see the results.

Important
SAFE supports the CVSS version 3.0 only.

Upload VA Reports for an asset


To upload a VA Report:

  1. Navigate to Technology Assessment > Technology Vertical.
  2. Click the Assess button available against the asset for which you want to upload the VA report.
  3. Click the Upload VA Report button. The system opens a custom VA report pop-up.
  4. Click the Download Template button. A zip file will be downloaded to your computer. The downloaded zip file contains a template and user guide with instructions to fill the template.
  5. Fill in details in the template file.
  6. Save the file on your computer.
  7. Browse and upload the file to SAFE.
  8. If required, mark the checkbox to qualify existing controls not found in the report. Checking this checkbox will qualify the controls that exist on the asset but are not found in the new report.
  9. The system notifies you of a successful upload. You can validate the number of qualified and failed controls.

Instructions to fill details in the template file


For a generic VA report upload, the template has the following fields for every vulnerability; some are mandatory and some are optional:

  • Control Name (will be considered a unique identifier) (Mandatory)
  • Control Description (Optional)
  • Status (Mandatory)
  • Auditor Impact (Mandatory)
  • Auditor Remediation (Mandatory)
  • CVSS Score (Mandatory)
  • Remediation Reference (Optional)
  • Observation (Optional)
  • CVSS Severity (Optional)
  • CVSS Vector (Mandatory if Status is Failed, otherwise Optional)
  • CWE Mapping (Optional)
  • Finding (Optional)
  • Parameter/Path (Optional)
  • Port (Optional)
  • Protocol (Optional)
  • CVE IDs (Optional)
  • CWE IDs (Optional)
  • OWASP IDs (Optional)

Accepted 'Status' entries are as follows: 'Failed', 'Qualified', 'Not Applicable'.

Important
  • The template downloaded along with the instruction guide should be used to upload the VA report.
  • Each vulnerability detected will have a separate row.
  • Every instance of the detected vulnerability will be represented in a separate row.
  • To add multiple CVE IDs, CWE IDs, or OWASP IDs in one row, separate them with a semicolon (e.g. 'CVE-aaaa-bbbb;CVE-xxxx-yyyy').
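
A pre-upload check for the field rules above, as an added example that is not part of SAFE's documentation or tooling. It assumes the filled template rows have been exported to CSV with column headers equal to the field names listed above; `validate_rows` and the sample rows are hypothetical.

```python
import csv
import io
import re

# Assumption: template rows exported to CSV, with headers equal to the field
# names listed above. SAFE's own template layout may differ.
MANDATORY = ["Control Name", "Status", "Auditor Impact",
             "Auditor Remediation", "CVSS Score"]
STATUSES = {"Failed", "Qualified", "Not Applicable"}  # exact match is assumed
# CVSS v3.0 base metrics in specification order; optional temporal and
# environmental metrics may follow.
VECTOR_RE = re.compile(r"CVSS:3\.0/AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]/S:[UC]"
                       r"/C:[HLN]/I:[HLN]/A:[HLN](?:/[A-Z]{1,3}:[A-Z])*")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample rows, not real scanner output.
SAMPLE = """Control Name,Status,Auditor Impact,Auditor Remediation,CVSS Score,CVSS Vector,CVE IDs
Outdated TLS library,Failed,Traffic may be decrypted,Upgrade the library,7.5,CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N,CVE-2099-0001;CVE-2099-0002
Default admin password,Failed,Account takeover,Change the password,9.8,,
Directory listing,Open,Information disclosure,Disable listing,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,CVE-2099-3
"""


def validate_rows(csv_text):
    """Return (row_number, message) for each rule violation; header is row 1."""
    errors = []
    for n, raw in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        for field in MANDATORY:
            if not row.get(field):
                errors.append((n, f"missing mandatory field: {field}"))
        status = row.get("Status", "")
        if status and status not in STATUSES:
            errors.append((n, f"unaccepted Status: {status}"))
        score = row.get("CVSS Score", "")
        try:
            if score and not 0.0 <= float(score) <= 10.0:
                errors.append((n, f"CVSS Score out of range: {score}"))
        except ValueError:
            errors.append((n, f"CVSS Score not numeric: {score}"))
        vector = row.get("CVSS Vector", "")
        if status == "Failed" and not vector:
            errors.append((n, "CVSS Vector is mandatory when Status is Failed"))
        if vector and not VECTOR_RE.fullmatch(vector):
            errors.append((n, f"not a CVSS 3.0 vector: {vector}"))
        for cve in row.get("CVE IDs", "").split(";"):
            if cve.strip() and not CVE_RE.fullmatch(cve.strip()):
                errors.append((n, f"malformed CVE ID: {cve.strip()}"))
    return errors
```

Calling `validate_rows(SAMPLE)` reports the Failed row with no vector, and for the last row the unaccepted status, the CVSS 3.1 vector, and the malformed CVE ID.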