Security issues
Security issues are instances of problematic code in your application. They help you identify bad practices and potential issues that could result in vulnerabilities. These issues may not currently affect the security of your application, but they could become problematic in the future.
Enabling / disabling security issues
By default, preZero enables security findings for all new accounts. However, org owners and super admins can turn security issues on or off at the organization level for existing accounts. To do so:
- Navigate to Organization > Settings.
- Under Security Issues, toggle the switch on to enable security findings or off to disable security findings.
Viewing security issues
To view the security issues for your application:
- Log in to the preZero dashboard.
- In the list of applications that preZero associates with your org, select the application of your choice. This takes you to your application summary view.
preZero includes security issues in the total vulnerabilities count displayed on the application summary.
To view a complete list of the security issues that preZero identified for the app, go to the Findings tab. These items are tagged with a Security Issue label.
preZero allows you to filter security issues by severity level, status, the person to whom an issue is assigned for subsequent actions, and other attributes, including CVSS score, CWE category, and OWASP category.
In addition to the Security Issue label, preZero assigns a severity level to each issue and includes labels indicating the CWE and OWASP categories relevant to that finding. Opening an issue provides in-depth information about the finding, including the source and the sink (the area in your code where the issue can be exploited and becomes a vulnerability).
Further reading
- Learn how to include security issues in build rules.