We’ve spent quite some time figuring out how we could make it easier for you to work with your Detectify findings. Working closely with some of our clients, we’ve developed a new graph that makes it easier to see what has happened between your scans over time.
It might look a bit scary at first but hey – don’t worry. In this blog post we’ll guide you through the numbers and how to interpret them.
As usual, you can see the CVSS score of the vulnerability with the highest severity at the top of the graph and the dates of the scans at the bottom.
Finding severity categories and “Resolved”
In the square boxes you can find the different finding severity categories – high, medium and low. The number in each box is the number of findings belonging to that category. At the bottom, there is a circle with the number of Resolved vulnerabilities for each scan. “Resolved” includes two types of findings:
– Fixed: the number of findings tagged as fixed at a particular scan
– Uncategorized: if you tag a finding as an “Accepted Risk” or a “False Positive”, it will show up here. Findings can also appear in this category if you have fixed vulnerabilities without tagging them as “Fixed”, or because the same finding could not be detected in two consecutive scans. The main reason for this is that the scope of the scan is too big, which causes our scanner to identify fewer findings. If you narrow down the scope of the scan (by, for example, breaking down your scan profile into multiple smaller profiles), we will be able to crawl your site more thoroughly and identify more security issues.
If you hover over the “Resolved” circle, you can see the exact number of “Fixed” and “Uncategorized” findings.
Findings Increment and Resolved
The small circles at the top of the square boxes indicate the increment or decrement (the decrement is the same as resolved) of findings for each category over time. The increment can consist of:
2) new code that has been released on your end and is vulnerable.
The decrement, on the other hand, is the total number of resolved findings between two scans.
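To make the counting rules above concrete, here is an added example (not Detectify’s own code) that reproduces the graph’s numbers from a constructed list of scan records: the severity boxes, the per-category increment and decrement, and Resolved split into Fixed and Uncategorized, including findings that simply stopped being detected between two scans. The record schema and tag names are assumptions for the example.

```python
from collections import Counter

SEVERITIES = ("high", "medium", "low")
UNCATEGORIZED_TAGS = {"accepted_risk", "false_positive"}  # constructed tag names

def summarize_scan(current, previous):
    """Compute the numbers the graph shows for one scan.

    `current` and `previous` map a finding id to {"severity": ..., "tag": ...}
    (constructed schema). A finding tagged in a scan is counted there once and
    is assumed to be dropped from later scan records.
    """
    open_counts = Counter({s: 0 for s in SEVERITIES})  # the square boxes
    increment = Counter({s: 0 for s in SEVERITIES})    # new since previous scan
    decrement = Counter({s: 0 for s in SEVERITIES})    # resolved since previous scan
    fixed = uncategorized = 0
    for fid, f in current.items():
        sev, tag = f["severity"], f.get("tag")
        if tag == "fixed":
            fixed += 1
            decrement[sev] += 1
        elif tag in UNCATEGORIZED_TAGS:
            uncategorized += 1
            decrement[sev] += 1
        else:
            open_counts[sev] += 1
            if fid not in previous:
                increment[sev] += 1
    # Open findings from the previous scan that this scan did not report at all:
    # resolved without a tag, so they land in Uncategorized.
    for fid, f in previous.items():
        if fid not in current and f.get("tag") is None:
            uncategorized += 1
            decrement[f["severity"]] += 1
    return {"open": dict(open_counts), "increment": dict(increment),
            "decrement": dict(decrement), "fixed": fixed,
            "uncategorized": uncategorized, "resolved": fixed + uncategorized}

def summarize_history(scans):
    """Run summarize_scan over a chronological list of scan records."""
    out, previous = [], {}
    for scan in scans:
        out.append(summarize_scan(scan, previous))
        previous = scan
    return out

# Constructed sample: two scans. Between them, "a" was tagged fixed, "c" was no
# longer detected (untagged), "e" was tagged a false positive and "d" is new.
SAMPLE_SCANS = [
    {"a": {"severity": "high"}, "b": {"severity": "medium"},
     "c": {"severity": "low"}, "e": {"severity": "low"}},
    {"a": {"severity": "high", "tag": "fixed"}, "b": {"severity": "medium"},
     "d": {"severity": "high"}, "e": {"severity": "low", "tag": "false_positive"}},
]
```

Running `summarize_history(SAMPLE_SCANS)` gives Resolved 3 for the second scan (1 Fixed, 2 Uncategorized), a high increment of 1 and a low decrement of 2.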
The old graph will still be accessible as the default graph in the tool. However, the new advanced graph can help you work more actively with security, so we recommend you give it a try! If you have any feedback on the advanced graph or questions about using it, feel free to drop us a line.
The Detectify Team