View SAST Findings

After a scan completes, SAST findings appear in the SAST tab of your Radar project. This page explains how to navigate, filter, and understand the findings table.


Findings Table

Navigate to your Radar project and click the SAST tab. The findings table shows all detected vulnerabilities:

[Screenshot: ByteHide Radar SAST tab showing the detection summary with severity breakdown, filters for Status, Severity, CWE and OWASP, and the findings table with fingerprint, title, severity, status, location and AutoFix columns]

Columns

| Column | Description |
|---|---|
| Fingerprint | Unique identifier that persists across scans. Radar tracks the same vulnerability over time: if it disappears it is marked Fixed, if it reappears it is reopened |
| Title | Vulnerability name (e.g., "SQL Injection via String Concatenation", "Hardcoded Database Password") |
| Severity | Critical (red), High (orange), Medium (yellow), or Low (blue) |
| Status | Open, Fixed, Ignored, or False Positive |
| Location | File path and line number, linked directly to the code on GitHub |
| Last Seen | Timestamp of the most recent scan that detected this finding |
| AutoFix | Link to the AI-generated PR if available, dash otherwise |

Filters

The filter bar above the table lets you narrow results:

| Filter | Options | Use case |
|---|---|---|
| Status | Open, Fixed, Ignored, False Positive | Default shows Open. Select Fixed to review remediation history |
| Severity | Critical, High, Medium, Low | Focus on Critical + High for remediation sprints |
| CWE | Search by CWE ID or name (e.g., "CWE-89") | Track remediation for a specific vulnerability class |
| OWASP | OWASP Top 10 2021 categories | Compliance reporting aligned with OWASP framework |

Multiple values can be selected per filter. Use Sort by (Last Seen, Severity) and the sort direction toggle to organize results.

[Screenshot: ByteHide Radar findings list filtered by Fixed status, showing severity, file location with line numbers, and the AutoFix PR button for automated remediation]


Finding Detail

Click any row to open the finding detail panel:

[Screenshot: ByteHide Radar SAST finding detail showing a Path Traversal vulnerability with a 50% Medium confidence score, CWE-22 and OWASP A01:2021 badges, a code snippet with the highlighted line, description, location, recommendation, and the Create PR to fix button]

General Tab

  • Description - What the vulnerability is and why it matters
  • Location - File path, line number, and code snippet with the vulnerable line highlighted
  • CWE and OWASP - Clickable badges (e.g., CWE-22, OWASP A01:2021)
  • Severity and Confidence - Severity level and AI confidence score (0-100%)
  • Recommendation - How to fix the issue

AI Explanation Tab

AI-generated contextual analysis: why the code is vulnerable, the specific attack scenario, how it relates to surrounding code, and tailored remediation advice.

Autofix With AI Tab

When available, shows the proposed code changes as a diff and an explanation. Click Create PR to fix to open a pull request with the fix. See AutoFix.

Activity Tab

Chronological timeline of status changes, comments, and scan history for this finding.


Bulk Actions

Select multiple findings using checkboxes to apply bulk actions:

  • Mark as Ignored - Dismiss with a shared justification
  • Mark as False Positive - Flag as incorrect detections
  • Export - Download selected findings as a report

Pagination

Configure rows per page (10, 25, 50, 100) using the control at the bottom of the table. The total count of findings matching your current filters is displayed.

Prioritization Tip

Combine Severity: Critical + OWASP: A03 Injection to immediately surface the most dangerous injection vulnerabilities in your codebase.


Next Steps

Triage and Remediation

Review, prioritize, and resolve SAST findings.

AI Explanation

How Radar's AI provides contextual vulnerability analysis.

CWE Reference

CWE identifiers used to classify SAST findings.
