Code Traceback

How to trace vulnerabilities back to the code origin.

NightVision's API Discovery feature enables tracing vulnerabilities back to the code origin. When NightVision scans code, it also annotates the Swagger doc with the file path and line of code in which endpoints are declared. When exploitable vulnerabilities are discovered with NightVision DAST, NightVision can surface these results in GitHub Security Alerts and tie the DAST findings back to the code origin.

Tracing DAST Results to the line of code in GitHub Security Alerts.

Too often, developers look at code scanning alerts in GitHub or GitLab and ignore them completely, because the results are not exploitable.

Developers tend to react differently to NightVision's code scanning alerts because NightVision verifies exploitability. NightVision tells the developer exactly how the vulnerability was exploited.

In the case below, NightVision explains to the developer that NV sent the payload `'` to the `searchText` request parameter in a POST request and received `org.postgresql.util.PSQLException` in the response.
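To make the "code origin" idea concrete, here is an added example (not NightVision's own code) that takes a DAST finding like the one above and a Swagger doc annotated with endpoint source locations, and emits a minimal SARIF 2.1.0 result, the format GitHub code scanning ingests, anchored to the annotated file and line. The `x-code-location` extension key, file path and line number are assumed placeholders, not NightVision's actual annotation format.

```python
import json

# Constructed sample OpenAPI (Swagger) doc with each operation annotated with its code
# origin. The `x-code-location` key is an ASSUMED placeholder, not NightVision's format.
SWAGGER = {"paths": {"/api/search": {"post": {
    "operationId": "search",
    "x-code-location": {"file": "src/main/java/SearchController.java", "line": 42},
}}}}

# Constructed DAST finding, modelled on the SQL injection case described above.
FINDING = {
    "rule_id": "sql-injection", "method": "post", "path": "/api/search",
    "parameter": "searchText", "payload": "'",
    "evidence": "org.postgresql.util.PSQLException",
}

def code_origin(swagger, method, path):
    """Return the annotated {file, line} for an endpoint, or None if unannotated."""
    op = swagger.get("paths", {}).get(path, {}).get(method.lower())
    return op.get("x-code-location") if op else None

def finding_to_sarif(swagger, finding):
    """Build a minimal SARIF 2.1.0 log (the format GitHub code scanning ingests) that
    anchors the DAST finding to the file and line where the endpoint is declared."""
    loc = code_origin(swagger, finding["method"], finding["path"])
    if loc is None:
        raise ValueError(f"no code origin for {finding['method'].upper()} {finding['path']}")
    message = (f"Sent payload {finding['payload']!r} to the {finding['parameter']} parameter "
               f"in a {finding['method'].upper()} request and observed "
               f"{finding['evidence']} in the response.")
    return {
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "dast-to-sarif-example",
                                "rules": [{"id": finding["rule_id"]}]}},
            "results": [{
                "ruleId": finding["rule_id"],
                "level": "error",
                "message": {"text": message},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": loc["file"]},
                    "region": {"startLine": loc["line"]},
                }}],
            }],
        }],
    }

if __name__ == "__main__":
    print(json.dumps(finding_to_sarif(SWAGGER, FINDING), indent=2))
```

An endpoint the scanner found but the annotated Swagger doc does not know about raises `ValueError` rather than producing an alert with no location, which is the case a practitioner most needs to notice.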

Surfacing exploitable vulnerabilities in GitHub Security Alerts - right in the developer's workflow.

Ready to try it out?

Follow our GitHub Actions tutorial below.