NOTE: Findings in the Findings tab are raw scanner output and do not have resolution statuses, SLA tracking, or assignees. To track remediation for a specific drift finding, create or update a unified policy that matches the finding pattern to generate an actionable issue in the Issues tab.
Reducing code weakness noise: Urgency-based prioritization isolates the code weaknesses that affect deployed, internet-exposed, or business-critical assets from low-risk findings in development environments. CWE classification and data flow analysis further distinguish exploitable weaknesses from theoretical risks.
Audit scanner coverage: Review the full scope of IaC misconfigurations detected by the scanner to verify that detection rules are identifying the expected misconfiguration patterns across all monitored repositories and IaC frameworks.
Identify policy gaps: Compare findings in the Findings tab against issues in the Issues tab to identify findings that are not covered by existing unified policies. Create new policies to promote high-risk findings to actionable issues.
Audit scanner coverage: Review the full scope of secrets detected by the scanner to verify that detection rules are identifying the expected secret types across all monitored repositories.
Identify policy gaps: Compare findings in the Findings tab against issues in the Issues tab to identify findings that are not covered by existing unified policies. Create new policies to promote high-risk findings to actionable issues.
Review excluded findings: Investigate findings that were excluded by policy filters to confirm that exclusions are intentional and do not suppress critical secrets exposures.
Validate detection rules: Verify that detection rules are producing accurate findings and not generating excessive false positives for specific secret types or repositories.
Review excluded findings: Investigate findings that were excluded by policy filters to confirm that exclusions are intentional and do not suppress critical IaC misconfigurations.
Secrets findings inventory
The Secrets Findings inventory includes the following properties. Use the Table Settings Menu to view additional properties.
| Property | Description |
|---|---|
Name | The name or title of the finding. |
Asset Name | Name of the asset affected by the finding. Selecting an Asset Name in the table opens the asset's side card, displaying information about the asset, without having to navigate away from the Findings page. |
Risk Factors | Quantifiable attributes of a finding, allowing you to analyze and assess the risk. Options: Found in history, Valid, Privileged |
Data Source | Source of the finding information (the version control system) |
Rule Category | The category assigned to the rule that detected the finding |
Repository | Name of the repository hosting the asset in which the finding was detected |
Branch | The branch of code or version control branch where the finding was detected |
File Path | The file path or location within the repository where the finding was located |
Backlog Status | Indicates whether the finding is categorized as Backlog (pre-existing technical debt) or New (a recently introduced vulnerability). To understand how findings are categorized as backlog or new, refer to Issue/Finding classification by scanner. |
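The two review steps above, identifying policy gaps and reviewing excluded findings, come down to a join between the raw findings and the unified policies that would promote them. The script below is an added example, not product code or an export format the product provides: the `Finding` and `Policy` shapes, the matching semantics (a policy matches on rule category plus required risk factors and may exclude whole repositories), the risk weights and every sample record are constructed assumptions. It uses the property names from the inventory table above (Name, Rule Category, Repository, Risk Factors, Backlog Status) and reports, in review order, which findings already produce an issue, which no policy covers, and which exclusions suppress a Valid or Privileged secret.

```python
"""Triage raw secrets findings against unified policies.

Added example, not product code: the Finding/Policy shapes, the matching
semantics and every sample record below are constructed assumptions. It
implements two review steps from the text: list findings that no unified
policy promotes to an issue (policy gaps), and flag findings excluded by a
policy filter whose risk factors make the exclusion worth a second look.
"""
from dataclasses import dataclass

# Risk factor labels as shown in the Secrets Findings inventory.
RISK_VALID = "Valid"
RISK_PRIVILEGED = "Privileged"
RISK_IN_HISTORY = "Found in history"

# Constructed weights for ordering review work; Valid and Privileged dominate
# because a live, privileged secret is the exposure the review steps target.
RISK_WEIGHTS = {RISK_VALID: 4, RISK_PRIVILEGED: 2, RISK_IN_HISTORY: 1}


@dataclass(frozen=True)
class Finding:
    """One row of the inventory (a subset of the table's properties)."""
    name: str
    asset_name: str
    rule_category: str
    repository: str
    branch: str
    file_path: str
    risk_factors: frozenset
    backlog_status: str  # "New" or "Backlog"


@dataclass(frozen=True)
class Policy:
    """Hypothetical unified policy: matches by rule category and required
    risk factors, and can exclude whole repositories from issue creation."""
    name: str
    rule_categories: frozenset
    required_risk_factors: frozenset = frozenset()
    excluded_repositories: frozenset = frozenset()

    def pattern_matches(self, f: Finding) -> bool:
        return (f.rule_category in self.rule_categories
                and self.required_risk_factors <= f.risk_factors)

    def excludes(self, f: Finding) -> bool:
        return self.pattern_matches(f) and f.repository in self.excluded_repositories


def risk_score(f: Finding) -> int:
    """Higher means review first; New findings rank above backlog debt."""
    score = sum(RISK_WEIGHTS.get(r, 0) for r in f.risk_factors)
    return score + (1 if f.backlog_status == "New" else 0)


def triage(findings, policies):
    """Split findings into: promoted to issues, gaps (no policy matches),
    and exclusions that suppress a Valid or Privileged secret."""
    issues, gaps, suspicious = [], [], []
    for f in sorted(findings, key=lambda x: (-risk_score(x), x.name)):
        matching = [p for p in policies if p.pattern_matches(f)]
        if not matching:
            gaps.append(f.name)          # nothing promotes this finding
            continue
        if any(not p.excludes(f) for p in matching):
            issues.append(f.name)        # at least one policy creates an issue
            continue
        # Every matching policy excluded this repository, so no issue exists;
        # flag it only when the risk factors say the secret is live or privileged.
        if f.risk_factors & {RISK_VALID, RISK_PRIVILEGED}:
            for p in matching:
                suspicious.append((f.name, p.name))
    return {"issues": issues, "gaps": gaps, "suspicious_exclusions": suspicious}


# Constructed sample findings and policies (not real repositories or secrets).
FINDINGS = [
    Finding("AWS access key", "payments-api", "Cloud credentials", "payments-api",
            "main", "config/prod.env", frozenset({RISK_VALID, RISK_PRIVILEGED}), "New"),
    Finding("Slack webhook", "marketing-site", "Webhooks", "marketing-site",
            "main", "scripts/notify.sh", frozenset({RISK_IN_HISTORY}), "Backlog"),
    Finding("GitHub token", "sandbox-experiments", "VCS tokens", "sandbox-experiments",
            "feature/ci", ".github/workflows/ci.yml", frozenset({RISK_VALID}), "New"),
    Finding("Database password", "payments-api", "Database credentials", "payments-api",
            "main", "db/connection.yaml",
            frozenset({RISK_VALID, RISK_PRIVILEGED, RISK_IN_HISTORY}), "Backlog"),
]
POLICIES = [
    Policy("Valid cloud credentials", frozenset({"Cloud credentials"}),
           required_risk_factors=frozenset({RISK_VALID})),
    Policy("VCS tokens", frozenset({"VCS tokens"}),
           excluded_repositories=frozenset({"sandbox-experiments"})),
]

if __name__ == "__main__":
    for bucket, names in triage(FINDINGS, POLICIES).items():
        print(f"{bucket}: {names}")
```

In the sample data the database password is the highest-risk gap: no policy covers its rule category, so it never becomes an issue and has no SLA or assignee, which is exactly the situation the note at the top of the page describes. The GitHub token is matched by a policy but excluded for its repository; because it is still flagged Valid, the exclusion is reported for review rather than silently accepted.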
Investigate findings details
Clicking on a finding in the table opens the Findings side card which provides additional details.