Reporting
Once the test has been run, the results are used to generate a report. The report contains metadata about the device and app, an overview of the results, and a thorough breakdown of each check and artifact that was run.
Report Structure
The report contains results across several check categories, such as Authentication, Cryptography, Storage, etc. Each category has several groups of checks, which address a specific security issue such as insecure data storage or insecure network communication. Each group then has a series of checks which are designed to identify specific instances of that security issue.
Each check has a Description, Status (pass, fail, error), Severity (info, low, medium, or high), Impact, Remediation, and Compliance section.
Check Status
Each check reports a status, which can be either:
Pass: The check passed, meaning no security issue was identified.
Fail: The check failed, meaning a security issue was identified.
Error: The check could not be run, meaning the check itself was inconclusive.
Artifact Status
We also produce artifacts, which are the contents of a file detected during the MATRIX scan. These files are typically found in the application's binary and can be used to identify potential security vulnerabilities. You can learn more about artifacts in our Artifacts documentation.
Artifacts have two potential statuses:
Error: The artifact could not be found, meaning the check itself was inconclusive.
Artifact: The artifact was found and identified.
When an artifact is detected and a vulnerability is identified, we return a payload of the data such as the insecure data storage location or the insecure network communication endpoint. This payload can be used to identify the exact location of the security issue in the app.
Downloading the Report
The report is generated as an HTML file and a JSON file. You can download the report from the Corellium UI or API. If you're running in a CI flow, you can upload the report as an artifact to the CI provider for easy access.
HTML Report
The HTML report is a human-readable version of the report, which can be viewed in a web browser. It contains a summary of the app, device and report, as well as a breakdown of the security issues identified by the checks. View an example HTML report for our Corellium Cafe test app to see what the report looks like.
JSON Report
The JSON report is a machine-readable version of the report, which can be used to parse the report data programmatically. It contains the same information as the HTML report, but in a structured format.
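The following Python script is an added example, not part of the Corellium documentation or MATRIX itself. It shows one way to consume the JSON report programmatically along the structure described under Report Structure (categories, groups and checks with status and severity) and Artifact Status (artifacts with a status and a payload). The real MATRIX JSON schema is not shown on this page, so the field names in the constructed sample report are assumptions; adapt them to the keys in a downloaded report. The script summarizes check statuses, lists failed checks at or above a severity threshold with their remediation, separates inconclusive (error) checks and artifacts for manual review, and provides a CI gate function that fails the build on high-severity findings.

```python
import json
from collections import Counter

# Constructed sample report for this example. The field names mirror the
# structure the documentation describes but are assumptions, not the real schema.
SAMPLE_REPORT = json.dumps({
    "metadata": {"app": "Corellium Cafe", "device": "virtual iPhone"},
    "categories": [
        {"name": "Storage", "groups": [
            {"name": "Insecure data storage", "checks": [
                {"name": "Plaintext credentials in preferences",
                 "status": "fail", "severity": "high",
                 "description": "Credentials stored unencrypted.",
                 "impact": "Credentials readable from a device backup.",
                 "remediation": "Store secrets in the platform keychain.",
                 "compliance": ["constructed-compliance-ref"]},
                {"name": "Sensitive data in logs",
                 "status": "pass", "severity": "medium"},
            ]},
        ]},
        {"name": "Network", "groups": [
            {"name": "Insecure network communication", "checks": [
                {"name": "Cleartext HTTP endpoints",
                 "status": "error", "severity": "medium"},
            ]},
        ]},
    ],
    "artifacts": [
        {"name": "Info.plist", "status": "artifact",
         "payload": {"NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}}},
        {"name": "network_security_config.xml", "status": "error"},
    ],
})

SEVERITY_ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3}


def load_report(text):
    """Parse the JSON report text into a dict."""
    return json.loads(text)


def iter_checks(report):
    """Yield (category, group, check) for every check, flattening the hierarchy."""
    for category in report.get("categories", []):
        for group in category.get("groups", []):
            for check in group.get("checks", []):
                yield category["name"], group["name"], check


def summarize(report):
    """Count checks by status, and failed checks by severity."""
    by_status = Counter()
    failed_by_severity = Counter()
    for _, _, check in iter_checks(report):
        by_status[check["status"]] += 1
        if check["status"] == "fail":
            failed_by_severity[check.get("severity", "info")] += 1
    return dict(by_status), dict(failed_by_severity)


def failing_checks(report, min_severity="medium"):
    """Return failed checks at or above min_severity, highest severity first."""
    threshold = SEVERITY_ORDER[min_severity]
    hits = [
        (cat, grp, chk) for cat, grp, chk in iter_checks(report)
        if chk["status"] == "fail"
        and SEVERITY_ORDER.get(chk.get("severity", "info"), 0) >= threshold
    ]
    hits.sort(key=lambda t: -SEVERITY_ORDER.get(t[2].get("severity", "info"), 0))
    return hits


def inconclusive(report):
    """Names of checks and artifacts with status 'error': neither pass nor fail, so review them by hand."""
    checks = [chk["name"] for _, _, chk in iter_checks(report) if chk["status"] == "error"]
    artifacts = [a["name"] for a in report.get("artifacts", []) if a["status"] == "error"]
    return checks, artifacts


def ci_gate(report_text, min_severity="high"):
    """True if the build may proceed: no failed check at or above min_severity."""
    return not failing_checks(load_report(report_text), min_severity)


if __name__ == "__main__":
    report = load_report(SAMPLE_REPORT)
    print("status counts / failed by severity:", summarize(report))
    for cat, grp, chk in failing_checks(report, "medium"):
        print(f"[{chk['severity'].upper()}] {cat} / {grp} / {chk['name']}")
        print("  remediation:", chk.get("remediation", "n/a"))
    print("inconclusive:", inconclusive(report))
    print("CI gate passes:", ci_gate(SAMPLE_REPORT))
```

In a CI flow the script would read the downloaded JSON file instead of SAMPLE_REPORT and exit non-zero when ci_gate returns False; treating error-status checks and artifacts as a separate review queue keeps inconclusive results from being silently counted as passes.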