Analyzing security vulnerability search results
A match to the Rule Analyzer Regular Expressions rule does not guarantee that the result constitutes a vulnerability in the code. You must review the results to determine if any matches are false positives.
A generated report with vulnerabilities consists of two sections:
- Search Statistics - A list of selected rule types with the number of searched rules and the number of rules with the selected expression.
- A more detailed list of records.
To examine details of the report:
- Click the Plus icon by the rule name to display a list of rules of that type that has more than zero matches.
- Click a ruleset name to see more details for that rule type.
- Click << Back to return to the full report details.
Open topic with navigation