...
User accounts in Canopy are linked to the user's email address. The login panel accepts the username and password:
Logging out
In order to logout, click on the profile name and select logout or via the main navigation menu (see below):
Navigation
The main navigation within Canopy is accessed using the icon. This brings up the main menu:
Navigation within a section is typically available via a breadcrumb within the main header. The following screenshot shows an example of navigation within the finding's view:
Reports start with a template
...
Once a template has been added to the system, it will appear in the Templates → Reports list and as an option when creating reports. For example:
Info |
---|
Although it is not absolutely necessary to create a report template to start working with Canopy, it is a requirement to generate a report. |
...
Creating a client is a simple process. Navigate to the "Companies" interface and click the button. You will be presented with a Wizard to capture the details of the client and also to set the permissions:
A number of default user profiles have access to the client. For further information see Roles and Permissions.
...
When you initiate project creation, you can choose to create a project from a Statement of Work or from scratch, as is shown in the Wizard:
Once the project is created, the User Access is displayed. This can be used to assign who has access to the project.
...
Adding a phase is similar to adding a project, however, no permissions need to be granted - these are inherited from the project. Click on the button. The following form will be displayed:
It is possible to create a retest phase. For further information on retesting, see Retesting phases.
...
Adding a manual finding is a typical task. To achieve this, click the button. This will give you a basic form for adding a title and a rating.
Once created, you can then edit the finding and add further details.
WYSIWYG fields allow you to add rich content, including images. Images can simply be dragged and dropped into the WYSIWYG area. Once you've edited your finding, you can then save it and view the results:
You'll notice that we have also set CVSS2 and CVSS3 ratings. This can be achieved using the calculators, shown below:
Step 4.2: Add findings from the KB
Adding findings from the KB is simple. Select the "Add findings from KB" option from the add finding menu:
This will give you a list of approved findings to select form, which can be easily added to the phase:
Step 6: Import tool data
Importing tool data is as simple as dragging and dropping the file onto the phase upload interface:
The tool data will be automatically imported and findings will be created. If a tool test case is linked to a KB finding, the KB finding will be added, and the detail from the tool (e.g. detailed examples, meta info) will be retained. By default, automatically generated KB findings linked to tool test cases are groups, so if you need to report the original tool finding, you can disassociate the tool finding from the KB finding.
...
Apart from adding the content to the finding itself, sometimes it's necessary to add multiple examples of where a finding has been found. Canopy allows you to do this through the use of examples. To add an example, select the option from the Assets and Examples section at the end of the finding screen:
An example can contain rich text and images, you can also add an asset to the asset field and it will be automatically associated with the finding:
Info |
---|
Examples can store one or many instances of a finding. Examples are auto-populated from tools that separate them out from the main finding. See below for an example. |
...
To group findings, click on the 'Group' button. This will bring up the grouping dialogue:
This allows you to search and filter for the finings you want to group together. Once you've selected the findings you want to group, click Next which will allow you to:
...
There may be many findings you simply want to ignore. This is quite typical with info findings that might come from tools. You can ignore a finding by setting the ignore flag on a single finding, or via the findings grid by selecting the checkboxes and selecting the contextual menu:
Optional: Add findings to the KB
...
Any user with Write permissions on a project can create a report. This is done from the project level via the "Add Report" button. This launches the Add Report Wizard:
This is a three stage process to select the required report template, choose the phase(s) to associate with the report and to set the report's title and due date (required for issuing alerts on potential report delivery problems). Once the report has been created, you will be able to start working on the report's content and also adding any necessary comments.
Step 8: Peer review (PR) and quality assurance (QA) a report
The PR/QA workflow is launched via the header section at the top of the report:
Once a PR or a QA is requested, the users with the PR/QA roles will receive a notification form the system. PR/QA requests are handled on a first-come, first-serve basis. Once a user has accepted a PR/QA request, no other users can accept it, unless it is put back in the PR/QA queue. For further information see Peer review and quality assurance in Canopy.
...
Once the report has been through PR/QA, the author can now accept the report and it will be marked as completed from a QA perspective.
Info |
---|
It is not mandatory to follow the PR/QA process. However, it is recommended in most scenarios. |
...
The report can then be clicked on for generation purposes:
Info |
---|
Emailing of reports directly from Canopy will be added in an upcoming release. |
...
As a Tech Manager or an Account Manager, it is very useful to be able to keep track of reports and to ensure that any potential slippage on an approaching deadline is caught as early as possible. Canopy has the ability to track reports at their different stages (draft, PR, QA and final). This can be accessed via the "reports" menu item, which provides the following view:
Further information
...