The finding drawer
Open any finding to see everything you need to act:

| Tab | Contents |
|---|---|
| Overview | Severity, confidence, CWE, file path, description, and CVSS rationale. |
| Fix | The AI-generated patch and a button to open a fix PR. |
| Exploit | The proof of concept demonstrating the issue. |
| CVSS | The full CVSS 4.0 breakdown. |
| Activity | Status-change history with timestamps. |
Remediation workflow
Open the finding and read the chain
The source-to-sink chain and the primary vulnerable step tell you exactly why
the path is exploitable. Validate it against your environment.
Decide the disposition
Set the status: keep it Open, move it to In progress, mark it
Accepted risk (optionally with an expiry), or mark it False positive if the
finding doesn't apply.
Fix the root cause
Apply the suggested patch or write your own. Prefer removing the unsafe pattern
over hiding the symptom. Use auto-fix PRs to ship
the patch in one click.
Track the work where your team lives
Create a Jira, Linear, ClickUp, or Shortcut ticket, or get a
Slack nudge, so remediation lands in your normal flow.
Prioritize by impact
Start with the worst paths
Auth bypass, secrets, remote execution, SSRF, and broad data exposure first.
Severity and confidence are right there to sort by.
Filter to what's actionable
Filter the vulnerability table by status, severity, type, repository, branch,
age, or date to build a focused worklist.
Use bulk actions
Select multiple findings to change status or dismiss in bulk.
Make it routine
The best teams treat remediation as a repeatable loop, not an exception.