Evidence content control

This page contains:

The Evidence content control is a special control that tells the reporting engine to repeat a given section of the report for each piece of Evidence associated with a vulnerability.

A concrete example

We're going to use the same example we used in the Adding issues and evidence section.

An Out-of-date Apache vulnerability that affects 2 different hosts (port tcp/80 in host and ports tcp/80 and tcp/443 in

This means our Dradis project will have:

  • One issue: Out-of-date Apache
  • Two nodes: and
  • Three pieces of evidence:
    • One for, port tcp/80
    • One for, port tcp/80
    • One for, port tcp/443

The Evidence control in your template

If you landed in this page directly, please also review the Issue content control section of this manual before reading ahead as we will be using the template we created there.

The Evidence control is a wrapping control (i.e. it is used to enclose other template content). We're going to start by creating a Label placeholder and wrapping it into an Evidence control:

Most of the times, the Evidence control will be nested inside an Issue control as shown here:

However, this is not required. You can, for example, decide to group all your evidence in an appendix at the end of the report.

Exporting our report right now would result in the following:

We can see that the reporting engine is working as expected, repeating the section of the report enclosed by the Evidence control for each of the pieces of Evidence we've got in the project.

The Evidence Label control

As you just saw, the Label control can be used inside an Evidence control to display the label of the node associated with the Evidence.

This is especially useful when you have multiple instances of a problem, with code or screenshots in them. By adding the Label control you can easily see where one instance ends and the next one starts.

Evidence field placeholders

The Evidence wrapping control works in the same way the other wrapping controls we've seen so far (i.e. Issue and Note) and lets us create placeholders for the fields defined in your content.

For example, lets enhance our template to contain placeholders for the Port and Details fields:

The importance of consistency

Right now our template is expecting that each piece of Evidence in your project contains a Port and a Details fields.

That's easy enough to get right, but it is up to you to ensure you remember that your template is going to look for this fields.

Lets go ahead and add the first piece of evidence:

If you're wondering how to get that grey background block, feel free to jump ahead to the Code blocks section of the manual, we'll wait for you here.

Adding the other instances of Evidence to the project and exporting results in:

You can see how the Port and Details placeholders have been populated with the relevant information for each Evidence in our project.

Filtering your Evidence

Evidence content control can be filtered to allow you to further customize your reports. For more on the different options, check out the Filtering and Sorting page of this guide.

Next help article: Affected content control →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.