# Understanding Findings
How to read and interpret Secbez security findings — vulnerability details, evidence, severity, confidence, and remediation.
Each finding represents a potential security vulnerability discovered in your code.
## Finding details
When you click on a finding, you'll see:
### Vulnerable code
The exact code lines where the vulnerability was detected, with the relevant lines highlighted. This includes surrounding context so you can understand the code's purpose.
### Evidence chain
A structured explanation of why Secbez flagged this code:
- What was found: The specific vulnerability pattern or condition
- Why it matters: The security impact if exploited
- How it could be exploited: A concrete attack scenario
### Cross-file context
When available, findings include information about how the vulnerable code relates to the rest of your codebase:
- Which functions call into the vulnerable code
- Whether the code is reachable from HTTP endpoints
- Whether authentication or authorization checks exist in the call chain
### Remediation guidance
Actionable guidance on how to fix the issue, including:
- An explanation of the proper fix approach
- In some cases, a suggested code patch
## Finding status
| Status | Meaning |
|---|---|
| Open | Active finding that needs attention |
| Suppressed | Deliberately silenced (accepted risk or false positive) |
| Fixed | The vulnerable code was changed in a subsequent scan |
## Review-needed findings
Some findings are flagged as needs review. This means the automated validation couldn't reach a confident verdict — the evidence was ambiguous or incomplete. These findings are preserved for human review rather than being silently dropped.
Review-needed findings should be examined by a developer who understands the codebase context.