Security insights

When you analyze your code with NG SAST, your results include security insights (security-sensitive functions) alongside any vulnerabilities identified.

At this time, ShiftLeft can only identify insights for JavaScript applications.

What are security insights?

Security insights are findings that indicate a particular code snippet could lead to vulnerabilities in the future. Identifying insights helps a developer avoid this type of code issue early and can help prevent the onset of vulnerabilities.

In short, the difference between a security insight and a security vulnerability is that the latter is an issue that must be corrected immediately due to its negative impact on the application's security, while the former needs review to determine if a fix is appropriate.

Viewing your results

All of the insights that ShiftLeft identifies as being present in your application will appear in the ShiftLeft Dashboard.

To access your results:

  1. Log in to the ShiftLeft Dashboard and select your organization.
  2. Find your application and click to open.
  3. Click over to the Insights tab.

[Image: Vulnerabilities Dashboard indicating insights detected]

You can open up an individual insight to get information about where it was detected in your code, as well as why the insight might be problematic.

[Image: Insights detailed view]