Findings table
This table describes the columns that are available in findings tables. If a column is unavailable, it is likely hidden from the table. To select a column for viewing (or perform any other customization tasks in a table), follow the instructions in Customizing the findings table.
| Column Heading | Description |
|---|---|
| Trace | An icon in this column indicates that a trace exists for lost or known sinks. |
| Severity | |
| Classification | Type of finding: Definitive or Suspect security finding, or Scan Coverage finding. Note: In some cases, a classification of None may be used to denote a classification that is neither a security finding nor a scan coverage finding. |
| Vulnerability Type | Vulnerability category, such as Validation.Required or Injection.SQL. |
| API | The vulnerable call, showing both the API and the arguments passed to it. |
| Source | A source is an input to the program, such as a file, servlet request, console input, or socket. For most input sources, the data returned is unbounded in terms of content and length. When an input is unchecked, it is considered tainted. |
| Sink | A sink can be any external format to which data can be written out. Sink examples include databases, files, console output, and sockets. Writing data to a sink without checking it may indicate a serious security vulnerability. |
| Directory | Full path of the scanned files. |
| File | Name of the code file in which the security finding or scan coverage finding occurs. File paths in findings are relative to the scanned project working directory. |
| Calling Method | The function (or method) from which the vulnerable call is made. |
| Line | Line number in the code file that contains the vulnerable API. |
| Bundle | Bundle that contains this finding. |
| CWE | ID and title of the matching Common Weakness Enumeration (CWE) entry, the community-developed dictionary of common software weaknesses. |
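To show how the Source, Sink, Trace, Calling Method, Line and API columns relate to real code, here is a small added example (not part of this documentation, and not the scanner's own analysis engine). It parses a constructed Python sample with the standard `ast` module, tracks which variables carry unchecked input from an assumed list of sources, drops taint when the value passes through an assumed sanitizer such as `int()`, and reports every call in an assumed sink list that receives tainted data, laid out with the same column names as the table above. The source, sink and sanitizer rule sets and the sample program are all assumptions made for this example; the sample is only parsed, never executed.

```python
"""Toy taint-flow finder that reports findings using the columns of the findings table.

Added example: not the product's code. The rule sets below are assumptions
chosen to fit the constructed sample program at the bottom of the file.
"""
import ast

# Assumed rule set (constructed for this example; a real scanner has far more rules).
SOURCES = {"input", "sys.stdin.readline", "request.args.get"}
SINKS = {"cursor.execute": "Injection.SQL", "os.system": "Injection.OS"}
SANITIZERS = {"int", "shlex.quote"}  # validation/encoding calls that break the trace


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintFinder(ast.NodeVisitor):
    """Intraprocedural taint tracking: per-function map of tainted variables."""

    def __init__(self):
        self.tainted = {}        # variable name -> (source API, line where it was read)
        self.findings = []
        self.method = "<module>"  # current Calling Method

    def visit_FunctionDef(self, node):
        saved, self.method = self.method, node.name
        self.tainted = {}        # taint does not leak between functions in this toy
        self.generic_visit(node)
        self.method = saved

    def taint_of(self, node):
        """Return (source API, source line) if the expression carries taint, else None."""
        if isinstance(node, ast.Name):
            return self.tainted.get(node.id)
        if isinstance(node, ast.Call):
            api = dotted_name(node.func)
            if api in SOURCES:
                return (api, node.lineno)
            if api in SANITIZERS:
                return None      # checked input is no longer tainted
            for arg in node.args:  # other calls pass taint through their arguments
                t = self.taint_of(arg)
                if t:
                    return t
        elif isinstance(node, (ast.BinOp, ast.JoinedStr, ast.FormattedValue)):
            for child in ast.iter_child_nodes(node):  # string concatenation / f-strings
                t = self.taint_of(child)
                if t:
                    return t
        return None

    def visit_Assign(self, node):
        t = self.taint_of(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if t:
                    self.tainted[target.id] = t
                else:
                    self.tainted.pop(target.id, None)  # reassignment with clean data
        self.generic_visit(node)

    def visit_Call(self, node):
        api = dotted_name(node.func)
        if api in SINKS:
            for arg in node.args:
                t = self.taint_of(arg)
                if t:
                    self.findings.append({
                        "Trace": f"{t[0]} (line {t[1]}) -> {api} (line {node.lineno})",
                        "Vulnerability Type": SINKS[api],
                        "API": ast.unparse(node),   # the call with its arguments
                        "Source": t[0],
                        "Sink": api,
                        "Calling Method": self.method,
                        "Line": node.lineno,
                    })
                    break
        self.generic_visit(node)


def find_taint_flows(source_code):
    """Parse the code and return the list of source-to-sink findings."""
    finder = TaintFinder()
    finder.visit(ast.parse(source_code))
    return finder.findings


# Constructed sample program (parsed only, never run). Lines 5 and 14 are findings;
# line 10 is not, because int() on line 9 validates the input first.
SAMPLE = '''\
import os

def lookup_user(cursor):
    name = input("user: ")
    cursor.execute("SELECT * FROM u WHERE n='" + name + "'")

def lookup_by_id(cursor):
    raw = input("id: ")
    uid = int(raw)
    cursor.execute("SELECT * FROM u WHERE id=%s", (uid,))

def ping():
    host = request.args.get("host")
    os.system("ping -c1 " + host)
'''

if __name__ == "__main__":
    for finding in find_taint_flows(SAMPLE):
        print(finding)
```

Running the file prints two findings: an `Injection.SQL` finding in `lookup_user` at line 5 with source `input`, and an `Injection.OS` finding in `ping` at line 14 with source `request.args.get`. The `lookup_by_id` function produces nothing because `int()` is on the sanitizer list, which is exactly the distinction the Source and Sink rows describe: data is only a security finding when it reaches the sink unchecked.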