Findings
The Findings page provides a detailed list of identified vulnerabilities, including their severity levels and affected code components. It also lets you tailor your view by applying filters, selecting findings in bulk, and more.
Key Features
Findings Per Page
Navigate through large sets of findings by customizing the number of findings displayed per page. By default, the page displays 10 findings, but you can increase this to 50 or 100 by selecting the dropdown in the top-right corner of the screen.
Violations and Findings
The Findings page offers an improved user experience by categorizing "Violations" and "Findings" into distinct tabs.
Critical Risk Issues
The Findings page allows you to focus on the most important risks that need to be addressed immediately. Turn on the critical risks toggle to show only these issues.
Findings Filters
Improve findings management using advanced filters based on severity, acknowledgment status, etc.
Findings Groupings
The Grouping filter allows you to group violations and findings by Rule ID, Repository, Image, Category, K8s Cluster, or K8s Service.
- Grouping By Rule ID: This group contains information about Rule IDs, the number of findings, violations, and their severities. Once you expand each result, you can see the Date, Source, Severity Level, Confidence, Repository, and Scanner. The violations are presented before the findings and sorted by severity level.
To get groupings by Rule ID, select the Group By dropdown on the top-right corner of the page and select Rule ID.
- Grouping By Repository: This group includes the repository, findings, violations, and severities. Once each result is expanded, it displays the date, rule name, severity, confidence, source, and scanner. Violations are shown first, followed by findings.
To get groupings by repository, select the Group By dropdown on the top-right corner of the page and select Repository.
- Grouping By Image: Not all findings belong to the container type, so grouping by image is equivalent to filtering by container type and then grouping by image. This group contains information about the image, such as the number of findings, violations, and severities. When you expand each result, you'll see the date, source, CVE, package name, ecosystem, severity, confidence, repository, and scanner. The violations are shown first, followed by the findings.
To get groupings by image, select the Group By dropdown on the top-right corner of the page and select Image.
- Grouping By Category: This group includes the rule category name, findings, violations, and severities. Once each result is expanded, it displays the date, rule name, severity, confidence, source, repository, and scanner. Violations are shown first, followed by findings.
- Grouping By K8s Cluster: This group contains violations and critical, warning, and minor findings. Once expanded, the date, rule name, source, repository, and scanner are displayed for each violation and finding.
- Grouping By K8s Service: This group contains violations and critical, warning, and minor findings. Once expanded, the date, rule name, source, repository, and scanner are displayed for each violation and finding.
Export Findings
This feature provides a way to export findings data in a .CSV format for further analysis and reporting. You can get a full findings report by clicking the Export Findings button located at the top-right corner of the screen.
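The grouping behaviour described above (group by Rule ID or Repository, violations listed before findings, each sorted by severity), applied to an exported CSV outside the UI, as an added Python example that is not part of BoostSecurity's documentation or product. The column names and sample rows are constructed assumptions, not the real export schema; check the header of your own export and adjust the field names.

```python
import csv
import io
from collections import defaultdict

# Severity order used for sorting: most severe first.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Constructed sample export. Column names are an assumption, not the real schema.
SAMPLE_CSV = """rule_id,type,severity,repository,scanner,confidence,date
B-sec-001,violation,high,org/api,semgrep,high,2024-01-03
B-sec-002,finding,critical,org/api,trivy,medium,2024-01-02
B-sec-001,finding,critical,org/web,semgrep,high,2024-01-01
B-sec-001,violation,low,org/web,semgrep,low,2024-01-04
B-sec-003,finding,medium,org/infra,checkov,high,2024-01-05
"""


def load_findings(text):
    """Parse the CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def sort_key(row):
    """Violations come before findings; within each, most severe first."""
    is_finding = 0 if row["type"] == "violation" else 1
    return (is_finding, SEVERITY_RANK.get(row["severity"].lower(), len(SEVERITY_RANK)))


def group_by(rows, key):
    """Group rows by a column (e.g. rule_id or repository), sorted per the UI order."""
    groups = defaultdict(list)
    for row in rows:
        groups[row[key]].append(row)
    return {k: sorted(v, key=sort_key) for k, v in groups.items()}


def summarize(groups):
    """Per group: number of violations, number of findings, severities present."""
    summary = {}
    for key, rows in groups.items():
        summary[key] = {
            "violations": sum(r["type"] == "violation" for r in rows),
            "findings": sum(r["type"] == "finding" for r in rows),
            "severities": sorted({r["severity"] for r in rows}, key=SEVERITY_RANK.get),
        }
    return summary


if __name__ == "__main__":
    by_rule = group_by(load_findings(SAMPLE_CSV), "rule_id")
    for rule, info in summarize(by_rule).items():
        print(rule, info)
```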
Bulk Selection of Findings
Select one or more findings to take actions such as Suppression, Pause, Acknowledgment, or mark as a False Positive.
Severity Information
Shows the severity assigned to each finding, indicating the potential impact of exploiting the known vulnerability.
Top Contributors to a Code Repository
This feature highlights the leading contributors to a code repository in a Finding. It is supported for GitHub, ADO, BitBucket, and GitLab repositories.
Transitive Dependencies
Transitive dependency findings occur when security vulnerabilities or issues are detected not directly within the project's code but within the dependencies of the project's dependencies, forming a chain of interconnected components.
BoostSecurity analyzes dependencies and their associated vulnerabilities comprehensively. It not only identifies issues within the project's direct dependencies but also uncovers vulnerabilities within transitive dependencies. By flagging these transitive dependencies, BoostSecurity provides an avenue for developers to prioritize and address security issues, thereby ensuring the integrity of applications.
CVE IDs
Displays the CVE (Common Vulnerabilities and Exposures) identifier for findings directly within the Findings View.
Advisory Links
Links to detailed information about a CVE.