Scans & Vulnerabilities

Understanding your security posture and fixing issues.

Understanding Severity Levels

We categorize findings into four severity levels based on the CVSS (Common Vulnerability Scoring System) standard:

Critical

Immediate threat. Exploitation is straightforward and leads to full system compromise. Fix immediately.

High

Significant threat. Exploitation is possible but may require specific conditions. Fix within 24-48 hours.

Medium

Moderate threat. Exploitation is difficult or the impact is limited. Fix in the next release cycle.

Low

Minor issue or information leak. Low risk but good to fix for hygiene.

Using the Remediation Agent

Our AI Remediation Agent can generate code fixes for you.

  1. Click on a finding to view its details.
  2. Click the "Generate Fix" button.
  3. The AI will analyze the vulnerability and provide a code snippet or configuration change to resolve it.
  4. Review the fix and apply it to your codebase.

Managing False Positives

Sometimes scanners flag legitimate features as vulnerabilities. You can mark these as False Positives.

  • Open the finding details.
  • Select "Mark as False Positive" from the actions menu.
  • Provide a reason and evidence (e.g., "This is a public API endpoint intended to be open").
  • An admin must approve this request. Once approved, the request serves as evidence for your audit.