Overview
Finding types group related finding classes to simplify filtering and scoping. Each finding type maps to one or more finding class patterns.
Finding Types Reference
| Finding Type | Finding Classes | Description |
|---|---|---|
| Cryptographic Material | crypto/* | Cryptographic assets: algorithms, certificates, keys |
| Secret | secret/* | Embedded credentials: API keys, tokens, passwords |
| Secret Validated | secret/leaked | Secrets confirmed as valid/active |
| Mitigation Failure | mitigation/* | Missing security mitigations: stack canaries, CFI, ASLR |
| Weakness | weakness/* | Code quality issues: unstripped binaries, RPATH issues |
| Unknown Vulnerability | vulnerability/uefi/* | Zero-day vulnerabilities discovered through deep analysis |
| Known Vulnerability | vulnerability/known-vulnerability | Publicly documented vulnerabilities with CVEs |
| Supply-Chain Failure | supply-chain/* | Supply chain integrity issues |
| Dependency Vulnerability | vulnerability/known-vulnerability (derived from dependency analysis) | Vulnerabilities in external dependencies |
| Suspicious Code | suspicious/* | Potential tampering or obfuscation patterns |
| Malicious Code | malware/* | Confirmed malicious behavior |
Related
- Finding Classes Reference - Complete list of all finding classes
- Findings Scope - Configure which finding types are visible per product