Grouped findings as a result of

If one of the criteria (Vulnerable URL, Dependency, File Path) is selected in the "Group findings by" field of the scanner settings, the system checks this field's value while importing results from that scanner and collects all findings that share the same value of the chosen criterion into a single grouped finding.

Grouping operates as follows:

  • If a finding lacks a value for the grouping element (path, URL, or dependency), it remains individual.

  • If there's only one finding with a specific grouping element value, a new separate finding is created.

  • If multiple findings share the same grouping element value, they are grouped into a new grouped finding. Its name follows the format: "Many vulnerabilities found in {grouping_element_name}: {grouping_element_value}".

Grouped finding name example
  • The Description of the grouped finding lists each individual finding in the format "[severity] title: line", one line per finding. The description of a grouped finding is limited to 3000 characters; anything beyond this limit is truncated.

Grouped finding description example

When a grouped finding is displayed, a new field appears above the Description field, named after the grouping element (URL or Dependency) and holding that element's value. If the grouping element is the path, the value is shown in the existing "File Path" field instead.

Example of a finding with a grouping element Path
Example of a finding with a grouping element URL
Example of a finding with a grouping element Dependency

Setting Severity: For a grouped finding, the severity is the highest severity among the individual findings within it. If a severity value cannot be extracted from an individual finding, the scanner's default severity value is used for that finding.

Deduplication in the description field: During grouping, the system collects the findings that share the selected criterion's value (Vulnerable URL, Dependency, File Path) into a list. When the description of the grouped finding is built, its lines are deduplicated: the description lines of all findings in the group are put into a set, so lines that are exactly identical appear only once.

Therefore, if you see a grouped finding whose description shows only one vulnerability, the individual findings produced identical description lines (same severity, title and line), and those duplicates were collapsed when the grouped finding was created. The finding is still grouped, because several findings share the grouping element value.

This mechanism provides a clearer and more compact representation of vulnerability groups, simplifying analysis and enhancing the readability of reports.
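The grouping rules above (individual when the grouping value is missing, separate when it is unique, grouped with a generated name otherwise; highest severity with a default fallback; "[severity] title: line" description lines, deduplicated and truncated at 3000 characters) are small enough to model end to end. The following Python is an added illustration written for this page, not the product's own code: the finding attribute names, the five severity levels and their order, the default severity value and the sample findings are all assumptions, and the sample input is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

# Severity order used to pick the highest severity in a group (assumption: these five levels).
SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
DESCRIPTION_LIMIT = 3000      # page: grouped description is truncated at 3000 characters
DEFAULT_SEVERITY = "Medium"   # assumption: the scanner's configured default severity

# "Group findings by" options and the finding attribute each one reads (attribute names are assumptions).
GROUPING_FIELDS = {"Vulnerable URL": "url", "Dependency": "dependency", "File Path": "file_path"}


@dataclass
class Finding:
    title: str
    severity: Optional[str]            # None models a finding whose severity could not be extracted
    line: Optional[int] = None
    url: Optional[str] = None
    dependency: Optional[str] = None
    file_path: Optional[str] = None


@dataclass
class GroupedFinding:
    name: str
    severity: str
    description: str
    grouping_element: str
    grouping_value: str
    members: List[Finding] = field(default_factory=list)


def effective_severity(f: Finding) -> str:
    """Severity of one finding, falling back to the scanner default when it is missing or unknown."""
    return f.severity if f.severity in SEVERITY_RANK else DEFAULT_SEVERITY


def description_line(f: Finding) -> str:
    """One description line per individual finding, in the page's "[severity] title: line" format."""
    return f"[{effective_severity(f)}] {f.title}: {f.line}"


def highest_severity(findings: List[Finding]) -> str:
    return max((effective_severity(f) for f in findings), key=SEVERITY_RANK.__getitem__)


def build_description(findings: List[Finding]) -> str:
    """Drop identical lines via a set (first-seen order is kept here for readability), then truncate."""
    seen = set()
    lines = []
    for f in findings:
        line = description_line(f)
        if line not in seen:
            seen.add(line)
            lines.append(line)
    return "\n".join(lines)[:DESCRIPTION_LIMIT]


def group_findings(findings: List[Finding], group_by: str) -> List[Union[Finding, GroupedFinding]]:
    attr = GROUPING_FIELDS[group_by]
    result: List[Union[Finding, GroupedFinding]] = []
    buckets: Dict[str, List[Finding]] = {}
    for f in findings:
        value = getattr(f, attr)
        if not value:
            result.append(f)                      # no grouping value: stays individual
        else:
            buckets.setdefault(value, []).append(f)
    for value, members in buckets.items():
        if len(members) == 1:
            result.append(members[0])             # only one finding with this value: separate finding
            continue
        result.append(GroupedFinding(
            name=f"Many vulnerabilities found in {group_by}: {value}",
            severity=highest_severity(members),
            description=build_description(members),
            grouping_element=group_by,
            grouping_value=value,
            members=members,
        ))
    return result


# Constructed sample import (not real scanner output).
SAMPLE_FINDINGS = [
    Finding("High Entropy", "Medium", line=69, file_path="src/config.py"),
    Finding("High Entropy", "Medium", line=69, file_path="src/config.py"),   # identical line -> collapses
    Finding("Hardcoded password", "High", line=12, file_path="src/db.py"),
    Finding("Hardcoded password", None, line=40, file_path="src/db.py"),     # missing severity -> default
    Finding("Weak hash", "Low", line=3, file_path="src/util.py"),             # alone at this path
    Finding("Unused import", "Low", line=1),                                   # no path at all
]


def grouped_by_value(findings: List[Finding], group_by: str) -> Dict[str, GroupedFinding]:
    """Lookup of the grouped findings produced for a given criterion, keyed by the grouping value."""
    return {r.grouping_value: r for r in group_findings(findings, group_by) if isinstance(r, GroupedFinding)}


if __name__ == "__main__":
    for r in group_findings(SAMPLE_FINDINGS, "File Path"):
        if isinstance(r, GroupedFinding):
            print(f"{r.name} [{r.severity}]\n  " + r.description.replace("\n", "\n  "))
        else:
            print(f"{r.title} [{effective_severity(r)}] (individual)")
```

Run with "File Path" as the criterion, the two identical "High Entropy" findings become one grouped finding whose description is the single line "[Medium] High Entropy: 69", which is exactly the "only one vulnerability visible inside" case described above; the two "Hardcoded password" findings are grouped with severity High (the finding without a severity takes the default), and the remaining two stay individual, one because its path is unique and one because it has no path.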

For example, a grouped finding whose description contains only the single line "[Medium] High Entropy: 69" signifies that there were multiple vulnerabilities with "Medium" severity and the title "High Entropy" at line 69.
