When analyzing your code with NG SAST, your results will include security insights, or security-sensitive functions, along with any other vulnerabilities identified.
What are Security Insights?
Security insights are findings that indicate a particular code snippet could lead to vulnerabilities in the future. Surfacing insights early lets a developer address such code before it becomes a vulnerability.
In short, the difference between a security insight and a security vulnerability is that the latter must be corrected immediately because of its negative impact on the application's security, while the former needs review to determine whether a fix is appropriate.
Scanning for Security Insights
By default, ShiftLeft looks for insights, though you may modify the NG SAST configuration file to change ShiftLeft's default behavior.
Viewing Your Results
All of the insights that ShiftLeft identifies as being present in your application will appear in the ShiftLeft Dashboard.
To access your results:
- Log in to the ShiftLeft Dashboard and select your organization.
- Find your application and click to open.
You will see a summary page of all vulnerabilities identified by ShiftLeft, including insights.
Clicking on the Insights box displays a full list of the insights ShiftLeft identified.
You can open up an individual insight to get information about where it was detected in your code, as well as why the insight might be problematic.