Findings table

This table describes the columns that are available in findings tables. If a column is unavailable, it is likely hidden from the table. To select a column for viewing (or perform any other customization tasks in a table), follow the instructions in Customizing the findings table.

Table 1. Findings table
Column Heading Description
Trace An icon in this column indicates that a trace exists for lost or known sinks.
  • High: Poses a risk to the confidentiality, integrity, or availability of data and/or the integrity or availability of processing resources. High-severity conditions should be prioritized for immediate remediation.
  • Medium: Poses a risk to data security and resource integrity, but the condition is less susceptible to attack. Medium-severity conditions should be reviewed and remedied where possible.
  • Low: Poses minimal risk to data security or resource integrity.
  • Info: The finding, itself, is not susceptible to compromise. Rather, it describes the technologies, architectural characteristics, or security mechanisms used in the code.
Classification Type of finding: Definitive or Suspect security finding - or Scan Coverage finding.
Note: In some cases, a classification of None may be used to denote a classification that is neither a security finding or a scan coverage finding.
Vulnerability Type Vulnerability category, such as Validation.Required or Injection.SQL.
API The vulnerable call, showing both the API and the arguments passed to it.
Source A source is an input to the program, such as a file, servlet request, console input, or socket. For most input sources, the data returned is unbounded in terms of content and length. When an input is unchecked, it is considered tainted.
Sink A sink can be any external format to which data can be written out. Sink examples include databases, files, console output, and sockets. Writing data to a sink without checking it may indicate a serious security vulnerability.
Directory Full path of the scanned files.
File Name of the code file in which the security finding or scan coverage finding occurs. File paths in findings are relative to the scanned project working directory.
Calling Method The function (or method) from which the vulnerable call is made.
Line Line number in the code file that contains the vulnerable API.
Bundle Bundle that contains this finding.
CWE ID and topic of the community-developed dictionary of common software weaknesses (Common Weakness Enumeration (CWE) topics).