Skip to main content
A finding is a discovery of significance made following the completion of a scan. Findings result from the default out-of-the-box implementation of rule sets called Finding policies.

View findings

To view different types of findings associated with all projects or packages in your tenant:
  1. Select Findings from the left sidebar.
  2. Search for findings using basic filters.
  3. Use Saved Filters to create and save your frequently used searches, helping you save time.
  4. Toggle Advanced and search for findings using advanced filters.
  5. Use Table preferences to select the columns you want to view and customize the appearance of the findings table.
  6. Select a finding to view the following details:
    • Project metadata
    • Risk details and remediation guidance
    • Notifications associated with the finding and Jira ticket links
    • Personalized notes for each finding. You can view notes on findings if you have tenant access. Only users with Admin or Code Scanner role can add or edit notes. See authorization roles to learn about roles and permissions.
  7. To apply exceptions to findings, select findings and click Actions > Add Exception.
  8. To export findings, select the findings, and click Actions > Export Selected or Export All.
Findings UI

View findings associated with a project

To view the findings associated with a project:
  1. Select Projects from the left sidebar.
  2. Select the project for which you want to view the findings. The Findings page includes the list of findings specific to the project.
  3. Review the list of findings. Click the finding to see its details.
  4. Use Grouped By to group findings by attributes such as dependency, location, package, CWE, tags, code owner or rule name to filter and manage them collectively.
  5. A drop-down menu at the top left of the page shows the repository’s default branch. Choose a different branch to view its findings.
    • In the following example, main is the default branch. Applying filters with the context ID for main shows results specific to branch. To scan from the default branch, run the following command:
      endorctl scan --path=.
      
      Branch dropdown
    • Similarly, if there is another branch named local-branch, switching to that branch shows results specific to the branch. To scan the branch, run the following command:
      git checkout local-branch
      endorctl scan --path=.
      
Check Projects to see the default branch of your project. To change the default branch, use --as-default-branch while performing the endorctl scan. See scanning strategies for information on testing and monitoring different versions of your code.

Finding attributes

Finding attributes are characteristics or properties associated with each discovered issue or result obtained from a scan. These attributes could include the following details and metadata.

Filter findings

Use filters to narrow findings and focus on the results most relevant to your workflow. Filters help you organize findings by attributes such as severity, category, project, status, repository context, and other finding metadata so that you can investigate, triage, and remediate findings more efficiently. You can use the following filter types to manage findings effectively.
  • Basic filters: Use the preset filters to quickly narrow findings using common attributes such as severity, category, project, and status.
  • Advanced filters: Use advanced filters to create complex queries and combine multiple conditions based on repository context, branches, tags, and other finding attributes.
See Finding filters for more information.

View Remediations

If you enable upgrade impact analysis, you can view the remediation recommendation when you select a finding, if available. Click View Details to view the details of the remediation recommendation. Click View Full Recommendation to view all available upgrade paths.