Findings

Overview

The Findings page is where you browse, filter, and triage all security findings ingested from your connected tools — Snyk, Cycode, Wiz, and Tenable. Every vulnerability, misconfiguration, or code issue detected by these tools is normalized into a unified finding format, making it easy to assess risk across your entire application portfolio from a single view.

Findings Table

The main Findings table displays all ingested findings with the following columns:

  • Title — The name or summary of the vulnerability.
  • Source — The affected package or component (e.g., a library name and version).
  • Source Tool — The security tool that detected the finding (Snyk, Cycode, Wiz, or Tenable).
  • Severity — A color-coded badge indicating the severity level: critical (red), high (orange), medium (yellow), or low (blue).
  • Status — The current triage status of the finding.
  • Asset / Repository — The repository or cloud asset where the vulnerability was found.
  • Last Seen — The timestamp of the most recent sync that observed this finding.

The table displays 20 findings per page. Use the pagination controls at the bottom to navigate through results.

Filtering Findings

Use the filter bar above the table to narrow down results. The following filters are available:

  • Title — Free-text search that matches against the finding title.
  • Source Tool — Dropdown to filter by the originating tool: Snyk, Cycode, Wiz, or Tenable.
  • Severity — Filter by severity level: critical, high, medium, or low.
  • Status — Filter by triage status: open, in_progress, resolved, closed, or accepted_risk.
  • Repository / Asset — Free-text search to filter by repository name or cloud asset identifier.
  • EPSS Exploitability — Filter by exploitability tier: critical, high, medium, or low. This is based on the EPSS (Exploit Prediction Scoring System) data enriched during ingestion.

Text-based filters are debounced for performance, meaning the table will not reload until you pause typing. This prevents excessive API calls while you compose your search query.

Finding Details

Click any row in the table to expand the finding and see its full details. The detail panel is split into two columns:

Left Column

  • Vulnerability Type — The category of the vulnerability (e.g., dependency vulnerability, code issue, misconfiguration).
  • Description — A full description of the vulnerability, rendered from markdown for readability.
  • CWE Links — Links to relevant Common Weakness Enumeration entries for further reference.
  • Evidence / Code Snippet — Where available, the specific code or configuration that triggered the finding.
  • Affected Packages — A list of affected packages with their current and fixed versions (if a fix is available).
  • Remediation Guidance — Step-by-step instructions or recommendations for resolving the vulnerability.
  • Fix Availability — Whether a fix (patch, upgrade, or workaround) is available for the vulnerability.

Right Column

  • CVE ID — The CVE identifier, linked directly to the NVD (National Vulnerability Database) entry.
  • CVSS Scores — The CVSS base score along with the full CVSS vector string for detailed risk assessment.
  • Risk Score — A composite risk score calculated from severity, exploitability, and asset context.
  • EPSS Exploitability — The EPSS probability (likelihood of exploitation in the next 30 days) and percentile ranking relative to all known vulnerabilities.
  • Source Tool — The tool that originally reported this finding.
  • Repository — The repository or asset associated with the finding.
  • First Seen / Last Seen — Timestamps showing when the finding was first ingested and when it was most recently observed.

Reporting to Jira

In the expanded detail panel, analysts and admins can click the Report to Jira button to create a Jira issue for the finding. This escalates the vulnerability into your team's issue tracking workflow for formal remediation tracking.

If the finding has already been reported to Jira, a link to the existing Jira issue is displayed instead of the report button. This prevents duplicate tickets from being created.

The Jira ticket created includes the following information:

  • Severity level
  • Affected repository
  • CVE identifier (if applicable)
  • Remediation guidance
  • A direct link to the finding in the source tool (Snyk, Cycode, Wiz, or Tenable)

For more details on Jira integration, see the Jira Issues guide.

Finding Statuses

Each finding has a status that reflects its current position in the triage and remediation lifecycle:

  • open — A new finding that has not yet been addressed. This is the default status assigned when a finding is first ingested.
  • in_progress — Remediation is underway. The team has acknowledged the finding and is actively working on a fix.
  • resolved — A fix has been applied. The vulnerability should no longer be present, but has not yet been verified.
  • closed — The fix has been verified and the finding is confirmed as no longer present. This is the terminal state for successfully remediated findings.
  • accepted_risk — The risk has been acknowledged and a deliberate decision has been made not to fix it. This is appropriate for findings where the cost of remediation outweighs the risk, or where compensating controls are in place.