Secbez Docs

Evidence & Context

How Secbez provides evidence and codebase context for each security finding.

Secbez doesn't just flag code — it explains why something is vulnerable and provides evidence from your codebase.

Evidence types

Code snippet

The exact vulnerable code with surrounding context. The flagged lines are highlighted so you can see exactly what triggered the finding.

Call graph data

When available, findings include cross-file analysis:

  • Callers: Functions from other files that call into the vulnerable function, showing the blast radius
  • Route reachability: Whether the vulnerable code can be reached from an HTTP endpoint (a function that's never called externally is lower risk)
  • Auth chain: Whether authentication or authorization middleware exists in the call path leading to the vulnerable code

Validation debate

Each finding goes through adversarial validation. The result includes:

  • Whether the finding was confirmed (validated as a real vulnerability)
  • Whether it was marked needs review (evidence was inconclusive)
  • The reasoning behind the verdict

How context affects severity

Cross-file context directly influences the final severity and confidence of a finding:

  • A SQL injection in a function reachable from an unauthenticated HTTP endpoint is more severe than one in a function with no callers
  • A missing auth check on an endpoint that handles financial transactions is more critical than one on a read-only status page
  • A vulnerability with a confirmed exploit path through multiple files gets higher confidence than an isolated pattern match
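As an added illustration of how the three adjustments above can be applied to findings that carry call-graph and validation context, the Python below is example code written for this page, not Secbez's own scoring logic; the field names, weights and sample findings are assumptions.

```python
from dataclasses import dataclass, field

SEVERITY_ORDER = ["low", "medium", "high", "critical"]

@dataclass
class Finding:
    """A finding plus its cross-file context (field names are this example's own)."""
    rule: str
    base_severity: str             # severity of the pattern seen in isolation
    callers: list = field(default_factory=list)  # functions in other files that call in
    route_reachable: bool = False  # reachable from an HTTP endpoint
    auth_in_path: bool = False     # auth/authz middleware sits on that call path
    handles_money: bool = False    # the endpoint performs financial transactions
    confirmed: bool = False        # validation debate confirmed a real vulnerability

def adjust_severity(f: Finding) -> str:
    """Shift severity along SEVERITY_ORDER using reachability and the auth chain."""
    i = SEVERITY_ORDER.index(f.base_severity)
    if not f.callers and not f.route_reachable:
        i -= 1                     # no callers, not externally reachable: lower risk
    elif f.route_reachable and not f.auth_in_path:
        i += 1                     # unauthenticated HTTP path leads to the sink
    if f.route_reachable and f.handles_money:
        i += 1                     # financial impact raises criticality further
    return SEVERITY_ORDER[max(0, min(i, len(SEVERITY_ORDER) - 1))]

def confidence(f: Finding) -> float:
    """A confirmed multi-file exploit path outranks an isolated pattern match."""
    score = 0.5                    # isolated pattern match, no corroboration
    if f.callers:
        score += 0.2               # a cross-file path into the code exists
    if f.confirmed:
        score += 0.3               # adversarial validation confirmed it
    return round(score, 2)

def triage(findings):
    """Highest adjusted severity first, confidence as the tie-breaker."""
    return sorted(findings, reverse=True,
                  key=lambda f: (SEVERITY_ORDER.index(adjust_severity(f)), confidence(f)))

SAMPLES = [  # constructed sample findings mirroring the three cases in the text
    Finding("sql-injection", "high", callers=["api/orders.py:create_order"],
            route_reachable=True, confirmed=True),      # unauthenticated endpoint
    Finding("sql-injection", "high"),                   # same pattern, no callers
    Finding("missing-auth", "medium", callers=["api/payments.py:transfer"],
            route_reachable=True, handles_money=True),  # financial transaction
    Finding("missing-auth", "medium", callers=["api/status.py:health"],
            route_reachable=True),                      # read-only status page
]
```

Running `triage(SAMPLES)` puts the reachable, confirmed SQL injection and the unauthenticated financial endpoint ahead of the status page and the caller-less pattern match.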
