Reviewing Flaw Sources

Results and Reports

The flaw sources report quickly identifies the main sources of untrusted data in an application and locates all the flaws that share a given flaw source.

Being able to identify multiple flaws that you can fix with a single code change significantly reduces the time developers spend finding and fixing or mitigating vulnerabilities in software code. If a source is secured by design, developers can report all the flaws stemming from that secured source with a single mitigation action.
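The following is an added illustration of the principle above, not code from the product or its documentation: one untrusted source feeds two downstream sinks, and hardening the source with an allowlist mitigates every flaw that stems from it in one change. All function names, the record-id format and the sample inputs are constructed for this example.

```python
import re

# --- Before: the source hands untrusted data through unchanged, so each
# sink downstream of it is reported as a separate flaw sharing this source.
def parse_record_id_unsafe(raw: str) -> str:
    return raw


# --- After: the source is secured by design. A strict allowlist (hypothetical
# record-id format) means every downstream sink only ever receives known-safe
# data, so all flaws stemming from this source are fixed by this one change.
_RECORD_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")


def parse_record_id(raw: str) -> str:
    if not _RECORD_ID.fullmatch(raw):
        raise ValueError("invalid record id")
    return raw


# Two sinks that consume the source's output. With the unsafe source each would
# be flagged (path traversal, cross-site scripting); with the hardened source
# the same sink code needs no per-sink fix.
def build_attachment_path(record_id: str) -> str:
    return f"/var/app/attachments/{record_id}.bin"


def render_record_link(record_id: str) -> str:
    return f'<a href="/records/{record_id}">{record_id}</a>'


def count_rejected_at_source(candidate_inputs) -> int:
    """Count inputs the hardened source rejects before any sink sees them."""
    rejected = 0
    for raw in candidate_inputs:
        try:
            parse_record_id(raw)
        except ValueError:
            rejected += 1
    return rejected
```

Reading the report the other way round: every flaw listed under one flaw source is a candidate for this kind of single fix at the source rather than a separate fix at each sink.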

To access the flaw sources report after a static scan has completed, in the left navigation pane of the application, under Results, click Flaw Sources.

The flaw sources report provides the following information:
  • The function that contains the flaw
  • The location in the source file of that function
  • The severities of the downstream flaws
  • The CWE with which each flaw is associated