Reviewing Flaw Sources

Results and Reports

The flaw sources report quickly identifies the main sources of untrusted data in an application and locates all the flaws that share a flaw source.

Being able to identify multiple flaws that you can fix with a single code change significantly reduces the time developers spend finding and fixing or mitigating vulnerabilities in source code. If a source is secured by design, developers can address all the flaws stemming from that source with a single mitigation action.

To access the flaw sources report after a static scan has completed, in the left navigation pane of the application, under Results, click Flaw Sources.

The flaw sources report provides the following information:
  • The function that contains the flaw
  • The location in the source file of that function
  • The severities of the downstream flaws
  • The CWE with which each flaw is associated
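To show how grouping flaws by their shared source supports the prioritization the report is built for, here is an added illustration, not Veracode code: it builds report-style rows (source function, location, downstream flaw count and severities, CWEs) from constructed sample flaw records, and shows how many flaws securing one source would resolve. The record fields and the 1-5 severity scale are assumptions for this example only.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlawSource:
    """Where untrusted data enters the application (function plus file location)."""
    function: str
    file: str
    line: int


@dataclass(frozen=True)
class Flaw:
    """A downstream flaw that the static scan traced back to one flaw source."""
    cwe: int
    severity: int        # assumed scale for this example: 5 = very high ... 1 = very low
    sink_function: str   # function where the tainted data is used unsafely
    source: FlawSource


# Constructed sample data: one source feeds three flaws, another feeds one.
REQ_PARAM = FlawSource("getUserInput", "web/Controller.java", 42)
FILE_READ = FlawSource("readConfig", "util/Config.java", 17)
SAMPLE_FLAWS = [
    Flaw(89, 5, "runQuery", REQ_PARAM),
    Flaw(79, 4, "renderPage", REQ_PARAM),
    Flaw(78, 5, "execCommand", REQ_PARAM),
    Flaw(22, 3, "openFile", FILE_READ),
]


def group_by_source(flaws):
    """Map each flaw source to the list of downstream flaws that share it."""
    groups = defaultdict(list)
    for flaw in flaws:
        groups[flaw.source].append(flaw)
    return dict(groups)


def summarize_sources(flaws):
    """One row per source, ordered so the source whose fix resolves the most flaws comes first."""
    rows = []
    for src, group in group_by_source(flaws).items():
        rows.append({
            "function": src.function,
            "location": f"{src.file}:{src.line}",
            "flaw_count": len(group),
            "max_severity": max(f.severity for f in group),
            "cwes": sorted({f.cwe for f in group}),
        })
    rows.sort(key=lambda r: (-r["flaw_count"], -r["max_severity"]))
    return rows


def remaining_after_securing(flaws, source):
    """Flaws left open once `source` is secured: everything traced to it is resolved together."""
    return [f for f in flaws if f.source != source]
```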

Flaw source information is not always available for older scans. You may have to rerun the scan so that Veracode can collect the flaw source data.