Oracle Database Security Assessment report (DBSAT) is a great tool that detects security holes in an Oracle Database. The tool is quite popular and today it is widely used by many customers worldwide.
Starting from OEM 13.5 RU7 DBSAT became part of the Compliance Management capability of Oracle Database Lifecycle Management Pack.
This means that today, customers can select the database targets from OEM, and run DBSAT on these database targets.
The objective of this blog though is to cover the method of gathering sensitive data into the DBSAT report. 

Before associating a database target to DBSAT, you need to gather database statistics on the database:

$ sqlplus / as sysdba
SQL> exec DBMS_STATS.GATHER_DATABASE_STATS

After the above step finishes, associate DBSAT to the database target. To see the method of associating a database target to DBSAT, please check this blog.

Finally, to force the collection of sensitive data immediately, please issue the following command from the target agent side:

$ $AGENT_HOME/bin/emctl control agent runCollection `hostname -f`:host compliance_rule_result_collection 

Once the above command is executed, 2 DBSAT reports are generated. To access the reports, please follow the below menu items from OEM:

Accessing Compliance Dashboard

Enterprise -> Compliance -> Dashboard

Once in the Compliance Dashboard, click on the target numbers highlighted by the red square below:

DBSAT Reports

Once the target numbers are clicked, you’ll be able to see 2 reports: OEM Standard Compliance report and DBSAT reports: 

DBSAT Reports 2

Click on the DBSAT Reports link to see the 2 DBSAT reports per target database:

DBSAT Reports Final

Finally, you can view each report separately by clicking on each report link. Below is the Sensitive Data Assessment:

DBSAT Sensitive Data

References

Database Security Assessment Tool
Enterprise Manager
Database Security Assesssment Tool (DBSAT) with Oracle Enterprise Manager