Security Insights

When analyzing your code with NG SAST, your results will include security insights, or security-sensitive functions, along with any other vulnerabilities identified.

At this time, ShiftLeft can only identify insights for JavaScript applications.

What are Security Insights?

Security insights are findings that indicate a particular code snippet could lead to vulnerabilities in the future. Identifying insights early helps a developer review this type of code issue before it turns into an actual vulnerability.

In short, the difference between a security insight and a security vulnerability is this: a vulnerability is an issue that must be corrected immediately because of its negative impact on the application's security, whereas an insight needs review to determine whether a fix is appropriate.
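The distinction above, as an added illustration that is not ShiftLeft's code or rule set: a toy line-based scanner that reports a security-sensitive call as an "insight" when its argument is a constant (needs review) and as a "vulnerability" when the same call is fed by an untrusted source. The lists of sensitive calls and untrusted sources, and the sample source, are constructed for this example.

```javascript
// Assumed list of security-sensitive JavaScript calls (constructed for this
// example; ShiftLeft's actual set of flagged functions is not documented here).
const SENSITIVE_CALLS = ["eval(", "new Function(", "child_process.exec(", "execSync("];

// Assumed markers of attacker-controlled input (constructed for this example).
const UNTRUSTED_SOURCES = ["req.query", "req.body", "req.params", "process.argv"];

// Scan source text line by line. A line containing a sensitive call is an
// insight; if the same line also references an untrusted source it is
// reported as a vulnerability instead, because the sink is reachable by input
// the application does not control.
function scanSource(source) {
  const findings = [];
  source.split("\n").forEach((line, idx) => {
    const sink = SENSITIVE_CALLS.find((s) => line.includes(s));
    if (!sink) return;
    const tainted = UNTRUSTED_SOURCES.some((src) => line.includes(src));
    findings.push({
      line: idx + 1,
      call: sink.replace(/\($/, ""),
      kind: tainted ? "vulnerability" : "insight",
    });
  });
  return findings;
}

// Count findings per kind, the way a dashboard summary would present them.
function summarize(findings) {
  return findings.reduce(
    (acc, f) => ({ ...acc, [f.kind]: (acc[f.kind] || 0) + 1 }),
    { insight: 0, vulnerability: 0 }
  );
}

// Constructed sample: the same sensitive function used once with a constant
// argument (insight, review it) and once with request-controlled input
// (vulnerability, fix it).
const SAMPLE = [
  "const { execSync } = require('child_process');",
  "function version() { return execSync('node --version').toString(); }",
  "app.get('/run', (req, res) => res.send(execSync(req.query.cmd).toString()));",
].join("\n");

const findings = scanSource(SAMPLE);
console.log(findings);            // line 2: insight, line 3: vulnerability
console.log(summarize(findings)); // { insight: 1, vulnerability: 1 }
```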

Scanning for Security Insights

Before proceeding, please ensure that you have set up and authenticated with ShiftLeft. Then, analyze your JavaScript application to obtain insights.

By default, ShiftLeft looks for insights; you can change this default behavior by modifying the NG SAST configuration file.

Viewing Your Results

All of the insights that ShiftLeft identifies as being present in your application will appear in the ShiftLeft Dashboard.

To access your results:

  1. Log in to the ShiftLeft Dashboard and select your organization.
  2. Find your application and click it to open it.

You will see a summary page of all vulnerabilities identified by ShiftLeft, including insights.

Vulnerabilities Dashboard Indicating Insights Detected

Clicking on the Insights box will display a full list of the insights ShiftLeft identified:

List of Identified Insights in ShiftLeft's Dashboard

You can open up an individual insight to get information about where it was detected in your code, as well as why the insight might be problematic.

Insights detailed view