When a Web/Mobile asset type has been selected to submit a vulnerability you will have the option to choose from three subtypes of vulnerabilities and depending on which types you choose the input fields will change. The three options you can choose from are as follows:
- Web Level - This means the vulnerability has been identified while performing a DAST scan on your application or while performing a manual Vulnerability Assessment and Penetration Test. More on how to setup DAST scan using Strobes here.
- Code Level - This means the vulnerability has been identified while performing a SAST scan on your code base or while performing a manual Secure Code Review. More on how to setup SAST scan using Strobes here.
- Package Level - This type of vulnerability can be identified either during a SAST or a DAST scan.
The following are the links which contain detailed information about submitting each subtype of vulnerability.