Feed page — Current tab showing issues of all three types (SAST, Exposed Secrets, Dependency) with their type labels in the Type column.

SAST

Code-level security vulnerabilities found by static analysis of your source code.

Examples:

  • SQL queries built by string concatenation (SQL injection risk)
  • Dockerfile missing USER directive — container runs as root
  • Insecure cryptography usage
  • Unvalidated user input passed to dangerous functions

SAST issues represent coding patterns that could be exploited if the code is deployed as-is. They require a code change to fix.

Exposed Secrets

Hard-coded credentials, API keys, tokens, and password hashes found directly in your source code or configuration files.

Examples:

  • Hard-coded bcrypt password hash
  • AWS access key committed to a file
  • Database connection string with password in plaintext
  • Private key stored in a repository

Exposed Secrets are CRITICAL by default. A secret found in code should be rotated immediately — treat any committed secret as compromised, since it may have been exposed via git history, forks, or CI logs even if later removed.

Dependency

Vulnerable third-party packages and libraries detected in your dependency files.

Examples:

  • babel with a known arbitrary code execution vulnerability
  • vite version vulnerable to path traversal
  • node-forge with an ASN.1 parsing vulnerability

Dependency issues are found by matching your package.json, go.mod, requirements.txt, or equivalent files against CVE databases. The fix is typically to upgrade to a patched version of the package.

Filtering by type

In the Feed, use the Type filter to view only SAST, Exposed Secrets, or Dependency issues. This is useful when triaging — for example, reviewing all exposed secrets first before moving to code issues.

What's next