This page contains:
Evidence content control is a special control that tells the reporting engine to repeat a given section of the report for each piece of Evidence associated with a vulnerability.
We're going to use the same example we used in the Adding issues and evidence section.
An Out-of-date Apache vulnerability that affects 2 different hosts (port
tcp/80 in host
10.0.0.1 and ports
This means our Dradis project will have:
If you landed in this page directly, please also review the Issue content control section of this manual before reading ahead as we will be using the template we created there.
Evidence control is a wrapping control (i.e. it is used to enclose other template content). We're going to start by creating a
Label placeholder and wrapping it into an
Most of the times, the
Evidence control will be nested inside an
Issue control as shown here:
However, this is not required. You can, for example, decide to group all your evidence in an appendix at the end of the report.
Exporting our report right now would result in the following:
We can see that the reporting engine is working as expected, repeating the section of the report enclosed by the
Evidence control for each of the pieces of Evidence we've got in the project.
As you just saw, the
Label control can be used inside an
Evidence control to display the label of the node associated with the Evidence.
This is especially useful when you have multiple instances of a problem, with code or screenshots in them. By adding the
Label control you can easily see where one instance ends and the next one starts.
For example, lets enhance our template to contain placeholders for the
Right now our template is expecting that each piece of Evidence in your project contains a
Port and a
That's easy enough to get right, but it is up to you to ensure you remember that your template is going to look for this fields.
Lets go ahead and add the first piece of evidence:
If you're wondering how to get that grey background block, feel free to jump ahead to the Code blocks section of the manual, we'll wait for you here.
Adding the other instances of Evidence to the project and exporting results in:
You can see how the
Details placeholders have been populated with the relevant information for each Evidence in our project.
Evidence content control can be filtered to allow you to further customize your reports. For more on the different options, check out the Filtering and Sorting page of this guide.
Next help article: Affected content control →