View findings' details
The finding's details page displays in-depth information about the finding, including:
- A detailed description of the finding
- Rule details, including the severity level, EPSS scores, and identifiers such as the CVE ID
- Finding details, such as whether the finding is reachable, when the finding was identified, and the project name, branch name, and commit ID where the issue was introduced
- Remediation suggestions
- The code snippet where the issue was identified, along with a link to the source code where Semgrep identified the issue
- Dependency path information
- Activity history for the finding, including when it was first identified, whether it has been analyzed by Semgrep Assistant, whether there are any accompanying Jira tickets, notes written by other Semgrep users specifically about this finding, and more.
View a finding's details
To view a finding's details page:
- Log in to Semgrep AppSec Platform.
- In the Navigation bar, click Supply Chain.
- Identify the finding whose details you want to view:
  - If the default Group by Rule is enabled, click the Details icon on the card of the finding.
  - If the No grouping view is enabled, click the header hyperlink on the card of the finding.
Available actions on the finding's details page
Click on the kebab icon to see the menu that includes the following options:
- Mark as reviewing to change its status to Reviewing and flag the finding as one that is under further manual review
- Copy file path of the source code where Semgrep identified the issue
- Copy link to the finding's details page
Ignore the finding
Click Ignore... to ignore the finding. Provide an Ignore reason, and add Comments on why you think that this finding should be ignored.
If the file for the finding in question is a test file or something similar, you can choose the Ignore files in future scans... option, then select the file. Semgrep ignores the file in subsequent scans.
Click Ignore to proceed.
Fix the finding
Click Fix to see the menu that includes the following options:
- View the associated Jira ticket, if available
- Open a PR that fixes the issue, if possible
- Change the status of the issue to To fix, indicating that you plan to return to the finding in the future
Note that Semgrep automatically marks findings as fixed when they're no longer detected in subsequent scans.
Add notes to findings
To add notes to the activity history of a finding:
- Select a finding where you want to view details or add notes, and then do one of the following actions:
  - If the default Group by Rule is enabled, click the Details icon on the card of the finding.
  - If the No grouping view is enabled, click the header hyperlink on the card of the finding.
- Go to the Activity section, then click New note.