
SAST
Code-level security vulnerabilities found by static analysis of your source code.
Examples:
- SQL queries built by string concatenation (SQL injection risk)
- Dockerfile missing
USERdirective — container runs as root - Insecure cryptography usage
- Unvalidated user input passed to dangerous functions
SAST issues represent coding patterns that could be exploited if the code is deployed as-is. They require a code change to fix.
Exposed Secrets
Hard-coded credentials, API keys, tokens, and password hashes found directly in your source code or configuration files.
Examples:
- Hard-coded bcrypt password hash
- AWS access key committed to a file
- Database connection string with password in plaintext
- Private key stored in a repository
Exposed Secrets are CRITICAL by default. A secret found in code should be rotated immediately — treat any committed secret as compromised, since it may have been exposed via git history, forks, or CI logs even if later removed.
Dependency
Vulnerable third-party packages and libraries detected in your dependency files.
Examples:
babelwith a known arbitrary code execution vulnerabilityviteversion vulnerable to path traversalnode-forgewith an ASN.1 parsing vulnerability
Dependency issues are found by matching your package.json, go.mod, requirements.txt, or equivalent files against CVE databases. The fix is typically to upgrade to a patched version of the package.
Filtering by type
In the Feed, use the Type filter to view only SAST, Exposed Secrets, or Dependency issues. This is useful when triaging — for example, reviewing all exposed secrets first before moving to code issues.