Exploring the vulnerability issues discovered by Snyk Code
Each vulnerability issue discovered by Snyk Code is shown with the following details:

Severity level - one of High, Medium, or Low. Note: The severity of an issue in the Snyk Code analysis is determined mainly by the risk of the Sink of the potential vulnerability, that is, the operation that consumes the tainted data, rather than by where the data enters. For more information about the Source and Sink of an issue, see Exploring the Data flow page.
Vulnerability Type - the type of security vulnerability, or Security Rule, that was detected in the source code. In the example shown on this page, “SQL Injection”. Note: For the full list of Vulnerability Types/Security Rules that Snyk Code applies to your source code, see Security Rules used by Snyk Code.
Priority Score - a number that Snyk Code calculates and assigns to each discovered issue, based on the severity level, risk, frequency, and ease of fix of the issue. Note: For more information, see Understanding the Priority Score of the Snyk Code issues.
CWE reference - the CWE (Common Weakness Enumeration) ID of the Vulnerability Type, with a link to the CWE website where that weakness is described:

By clicking the CWE link, you can open the CWE web page that provides additional details about the Vulnerability Type of the discovered issue:

Code snippet - the Sink area of the analyzed code, the location where the tainted data is consumed and the discovered vulnerability could be triggered. To view the entire data flow from Source to Sink, click the Full details button to open the Data flow page.
Vulnerability overview - a short description of the discovered vulnerability. To view the full description, click the Full details button to open the Data flow page.
Link to the vulnerable source file in the integrated SCM - a link to the file in the SCM that contains the Sink:

By clicking the file link, the source file that contains the Sink area of the issue is opened in the integrated SCM, with the vulnerable Sink lines highlighted in the code:

[If available] Snyk Learn link - a link to an article in Snyk Learn, which provides interactive lessons from industry experts on how to understand, fix, and avoid the discovered vulnerability type.
Ignore button - enables you to ignore this vulnerability issue. Note: For more information, see Ignore issues.
Full details button - enables you to open the Data flow and Fix analysis pages for more information on the discovered issue and fix recommendations and examples.
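To make the Source and Sink terminology used above concrete, here is an added example of the kind of SQL Injection issue Snyk Code reports; it is illustrative code written for this page, not Snyk's own code or output. The Source is the attacker-controlled name parameter, and the Sink is the call that hands the assembled query string to the database engine. The vulnerable function is shown beside its parameterized fix, and both are run against a constructed in-memory SQLite database so the behaviour can be checked offline.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample database: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # SOURCE: `name` is assumed to come straight from an HTTP request parameter.
    # The tainted value is concatenated into the SQL text without any escaping.
    query = "SELECT name, role FROM users WHERE name = '" + name + "' ORDER BY id"
    # SINK: the tainted query string reaches the SQL engine. This is the line
    # an issue card would highlight as the Sink, and the reason the finding
    # is rated by the risk of this operation rather than by the parameter itself.
    return conn.execute(query).fetchall()


def find_user_fixed(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # Parameterized query: `name` is bound as data, so it can never change the
    # structure of the statement. The data flow from Source to Sink still
    # exists, but the Sink no longer interprets the tainted value as SQL.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ? ORDER BY id", (name,)
    ).fetchall()


# Constructed attacker input: closes the string literal and appends an
# always-true condition, turning a lookup of one user into a dump of all users.
INJECTION_PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Run both variants with a benign and a malicious name and return the results."""
    conn = make_db()
    return {
        "vulnerable_benign": find_user_vulnerable(conn, "alice"),
        "vulnerable_attack": find_user_vulnerable(conn, INJECTION_PAYLOAD),
        "fixed_benign": find_user_fixed(conn, "alice"),
        "fixed_attack": find_user_fixed(conn, INJECTION_PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Running the script shows the vulnerable variant returning every row for the payload, while the fixed variant returns no rows because no user is literally named ' OR '1'='1. Tracing the taint from the parameter to the execute call is exactly what the Data flow page does for a reported issue.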