Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiCNAPP Administration Guide

    Vulnerabilities: Internal code

    Vulnerabilities: Internal code

    The Code security > Applications > Vulnerabilities: Internal code page provides a list of first party code vulnerabilities found by our SAST scanner. This page is broken down by scan results from the SAST scanner using the toggle underneath the filter bar.

    SAST

    The SAST view includes a table representing a list of findings from the SAST scanner. The findings are grouped by the specific SAST rule and is sorted by the number of findings associated to the rule. The sort can be configured by any other column in the table.

    You can use the search and filter options at the top of the page to update the list of SAST results displayed.

    For each finding, the following data is provided in the table:

    Weakness name The name of the CWE weakness associated to the finding.
    CWE ID The unique identifier for the code weakness. It can be used to search for findings by a specific OWASP 10 weakness type.
    Instances The number of findings across scans that are associated to the specific weakness.
    Impacted repositories The number of repositories where the results are found.
    First detected

    The first outstanding finding that we have detected. Note, if the finding is fixed, the timestamp updates to the next subsequent first finding.
    Previous
    Next

    Vulnerabilities: Internal code

    Vulnerabilities: Internal code

    The Code security > Applications > Vulnerabilities: Internal code page provides a list of first party code vulnerabilities found by our SAST scanner. This page is broken down by scan results from the SAST scanner using the toggle underneath the filter bar.

    SAST

    The SAST view includes a table representing a list of findings from the SAST scanner. The findings are grouped by the specific SAST rule and is sorted by the number of findings associated to the rule. The sort can be configured by any other column in the table.

    You can use the search and filter options at the top of the page to update the list of SAST results displayed.

    For each finding, the following data is provided in the table:

    Weakness name The name of the CWE weakness associated to the finding.
    CWE ID The unique identifier for the code weakness. It can be used to search for findings by a specific OWASP 10 weakness type.
    Instances The number of findings across scans that are associated to the specific weakness.
    Impacted repositories The number of repositories where the results are found.
    First detected

    The first outstanding finding that we have detected. Note, if the finding is fixed, the timestamp updates to the next subsequent first finding.
    Previous
    Next