Reviewing Flaw Sources

Results and Reports

The flaw sources report quickly identifies main sources of untrusted data in an application and locates all the flaws that share a flaw source.

Being able to identify multiple flaws that you can fix with a single code change significantly reduces the time developers spend on finding and fixing or mitigating vulnerabilities in software code. If a source is secured by design, developers can report all the flaws stemming from the safe source with a single mitigation action.

To access the flaw sources report in the Veracode Platform after a static scan has completed, in the left navigation pane of the application page, click Results > Flaw Sources.

The flaw sources reports provide this information:

  • The function that contains the flaw
  • The location in the source file of that function
  • The severities of the downstream flaws
  • The CWE with which each flaw is associated