docs: added vite-press docs (#4)
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com> Reviewed-on: #4
This commit was merged in pull request #4.
This commit is contained in:
75
docs/guide/findings.md
Normal file
75
docs/guide/findings.md
Normal file
@@ -0,0 +1,75 @@
|
||||
# Managing Findings
|
||||
|
||||
Findings are security issues discovered during scans. The findings workflow lets you triage, track, and resolve vulnerabilities across all your repositories.
|
||||
|
||||
## Findings List
|
||||
|
||||
Navigate to **Findings** in the sidebar to see all findings. The table shows:
|
||||
|
||||
| Column | Description |
|
||||
|--------|-------------|
|
||||
| Severity | Color-coded badge: Critical (red), High (orange), Medium (yellow), Low (green) |
|
||||
| Title | Short description of the vulnerability (clickable) |
|
||||
| Type | SAST, SBOM, CVE, GDPR, or OAuth |
|
||||
| Scanner | Tool that found the issue (e.g. semgrep, syft) |
|
||||
| File | Source file path where the issue was found |
|
||||
| Status | Current triage status |
|
||||
|
||||
## Filtering
|
||||
|
||||
Use the filter bar at the top to narrow results:
|
||||
|
||||
- **Repository** — Filter to a specific repository or view all
|
||||
- **Severity** — Critical, High, Medium, Low, or Info
|
||||
- **Type** — SAST, SBOM, CVE, GDPR, OAuth
|
||||
- **Status** — Open, Triaged, Resolved, False Positive, Ignored
|
||||
|
||||
Filters can be combined. Results are paginated with 20 findings per page.
|
||||
|
||||
## Finding Detail
|
||||
|
||||
Click any finding title to view its full detail page, which includes:
|
||||
|
||||
### Metadata
|
||||
- Severity level with CWE identifier and CVSS score (when available)
|
||||
- Scanner tool and scan type
|
||||
- File path and line number
|
||||
|
||||
### Description
|
||||
Full explanation of the vulnerability, why it's a risk, and what conditions trigger it.
|
||||
|
||||
### Code Evidence
|
||||
The source code snippet where the issue was found, with syntax highlighting and the file path.
|
||||
|
||||
### Remediation
|
||||
Step-by-step guidance on how to fix the vulnerability.
|
||||
|
||||
### Suggested Fix
|
||||
A code example showing the corrected implementation.
|
||||
|
||||
### Linked Issue
|
||||
If the finding was pushed to an issue tracker (GitHub, GitLab, Jira), a direct link to the external issue.
|
||||
|
||||
## Updating Status
|
||||
|
||||
On the finding detail page, change the finding's status using the status buttons:
|
||||
|
||||
| Status | When to Use |
|
||||
|--------|-------------|
|
||||
| **Open** | New finding, not yet reviewed |
|
||||
| **Triaged** | Reviewed and confirmed as a real issue, pending fix |
|
||||
| **Resolved** | Fix has been applied |
|
||||
| **False Positive** | Finding is not a real vulnerability in this context |
|
||||
| **Ignored** | Known issue that won't be fixed (accepted risk) |
|
||||
|
||||
Status changes are persisted immediately.
|
||||
|
||||
## Severity Levels
|
||||
|
||||
| Severity | Description | Typical Examples |
|
||||
|----------|-------------|-----------------|
|
||||
| **Critical** | Immediate exploitation risk, data breach likely | SQL injection, RCE, hardcoded secrets |
|
||||
| **High** | Serious vulnerability, exploitation probable | XSS, authentication bypass, SSRF |
|
||||
| **Medium** | Moderate risk, exploitation requires specific conditions | Insecure deserialization, weak crypto |
|
||||
| **Low** | Minor risk, limited impact | Information disclosure, verbose errors |
|
||||
| **Info** | Informational, no direct security impact | Best practice recommendations |
|
||||
Reference in New Issue
Block a user