Viewing Vulnerability Details

Click on the vulnerability name to view all details associated with each finding.

  • The risk rating (severity) assigned by FortiDevSec.
  • The associated file and the line number at which the vulnerability is found.
  • The Issue description and the associated CWE and CVE (if any). Click the CWE/CVE link to view details.
  • The Remediation, which provides information (if available) on how to fix or avoid the vulnerability.
  • The associated OWASP Top 10 or SANS Top 25 category.
  • The number of Similar Occurrences in which it is found. Click each instance to expand it and view its details.
  • The history of the vulnerability, including the time of its first and last appearance.
  • The CI/CD and Build details.
  • The Outbreak Alert lists the alerts found in the application. Click the Outbreak Alert link to navigate to the FortiGuard Outbreak Alert page for in-depth analysis.
  • The Supply Chain provides information on the supply chain threat detected.

The vulnerability details page for the SECRET scanner contains the following additional information.

  • The Secret Type displays the type of secret detected.

  • The Secret Status displays the current status of the secret detected.

    • JWT - Expired or Valid

    • AWS - Exploitable or Not Exploitable

  • The Detected In provides information on where the secret was detected.
    Note: Secrets are first detected in git commits and then searched for in files.

  • The Code field includes the following information.

    • Hash - Git commit hash.

    • By - Details of the user who has committed the change.

    • The last line in the Code field contains the commit message added by the user. If the Git commit message is longer than 200 characters, it is truncated.

  • The Associated Issues displays the fingerprints of the other components of the exploitable AWS credential found within the same file.
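The Secret Status for a JWT is reported as Expired or Valid. The following added example (not FortiDevSec's own code) shows how such a classification can be derived from a token's `exp` claim without verifying its signature, which is all a scanner needs in order to decide whether a leaked token is still usable. The helper `make_unsigned_jwt`, the sample tokens and the rule that a token with no `exp` claim is reported as Valid are assumptions made for this example.

```python
import base64
import json
import time
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def jwt_exp(token: str) -> Optional[int]:
    """Return the 'exp' claim (seconds since the epoch) of a JWT, or None if absent.

    The signature is deliberately not verified: classifying a detected token only
    requires its claims, not proof of who issued it.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization (expected 3 segments)")
    claims = json.loads(_b64url_decode(parts[1]))
    exp = claims.get("exp")
    return None if exp is None else int(exp)


def jwt_status(token: str, now: Optional[float] = None) -> str:
    """Classify a JWT as 'Expired' or 'Valid' from its exp claim.

    Assumption (not from the product documentation): a token without an exp
    claim never expires and is therefore reported as 'Valid'.
    """
    now = time.time() if now is None else now
    exp = jwt_exp(token)
    if exp is not None and exp <= now:
        return "Expired"
    return "Valid"


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed sample token (alg 'none', empty signature) for the demo."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample tokens; the subject and timestamps are invented for this example.
EXPIRED_TOKEN = make_unsigned_jwt({"sub": "ci-bot", "exp": 1_600_000_000})
VALID_TOKEN = make_unsigned_jwt({"sub": "ci-bot", "exp": 4_000_000_000})
NO_EXP_TOKEN = make_unsigned_jwt({"sub": "ci-bot"})

if __name__ == "__main__":
    # Fix 'now' so the output is reproducible regardless of when this is run.
    reference_time = 1_700_000_000
    for name, tok in [("expired", EXPIRED_TOKEN), ("valid", VALID_TOKEN), ("no-exp", NO_EXP_TOKEN)]:
        print(f"{name:8s} -> {jwt_status(tok, now=reference_time)}")
```

Because the signature is never checked, this routine says nothing about whether a token is genuine; it only answers the question the Secret Status field asks, namely whether a token that has already leaked is still within its validity window and therefore worth rotating first.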
