Findings¶
The Findings page provides a detailed list of identified vulnerabilities, including their severity levels and affected code components. The findings page also offers the flexibility to tailor your view by applying filters, bulk selection of findings, and more.
Key Features¶
Findings Per Page¶
Navigate through large sets of findings by customizing the number of findings displayed per page. By default, the page displays 10 findings, but you can increase this to 50 or 100 by selecting the dropdown in the top-right corner of the screen.
Violations and Findings¶
The Findings page offers an improved user experience by categorizing "Violations" and "Findings" into distinct tabs.
Findings Filters¶
Improve findings management using advanced filters based on severity, acknowledgment status, etc.
Findings Groupings¶
The Grouping filter allows you to group violations and findings by Rule ID, Repository, Image, or Category.
- Grouping By Rule ID: This group contains information about Rule IDs, the number of findings, violations, and their severities. Once you expand each result, you can see the Date, Source, Severity Level, Confidence, Repository, and Scanner. The violations are presented before the findings and sorted by severity level.
To get groupings by repository, select the Group By dropdown on the top-right corner of the page and select Rule ID.
- Grouping By Repository: This group includes the repository, findings, violations, and severities. Once each result is expanded, it displays the date, rule name, severity, confidence, source, and scanner. Violations are shown first, followed by findings.
To get groupings by repository, select the Group By dropdown on the top-right corner of the page and select Repository.
- Grouping By Image: Here, not all findings belong to the container type. Therefore, grouping by image is like filtering by container type and then grouping by image. This group contains information about the image, such as the number of findings, violations, and severities. When you expand each result, you'll see the date, source, CVE, package name, ecosystem, severity, confidence, repository, and scanner. The violations are shown first, followed by the findings.
To get groupings by repository, select the Group By dropdown on the top-right corner of the page and select Image.
- Grouping By Category: This group includes the rule category name, findings, violations, and severities. Once each result is expanded, it displays the date, rule name, severity, confidence, source, repository, and scanner. Violations are shown first, followed by findings.
Export Findings¶
This feature provides a way to export findings data in a .CSV format for further analysis and reporting. You can get a full findings report by clicking the Export Findings button located at the top-right corner of the screen.
Bulk Selection of Findings¶
Select one or more findings to take actions such as suppression, pause, acknowledgment, or mark as a false positive.
Severity Information¶
This provides information about the potential impact of exploiting a known vulnerability.
Top Contributors to a Code Repository¶
This feature highlights the leading contributors to a code repository in a Finding.
Transitive Dependencies¶
Transitive dependencies occur when security vulnerabilities or issues are detected not directly within the project's code but within dependencies of a project's codebase forming a chain of interconnected components.
BoostSecurity analyzes dependencies and their associated vulnerabilities comprehensively and not only identify issues within the project's direct dependencies but also uncover vulnerabilities within transitive dependencies. By flagging these transitive dependencies, BoostSecurity provides an avenue for developers to prioritize and address security issues, thereby ensuring the integrity applications.
CVE IDs¶
The CVE (Common Vulnerabilities and Exposures) identification for findings directly within the Findings View.
Advisory Links¶
Detailed information about a CVE.