AI-powered vulnerability analysis in SourceCraft

For issues detected in the course of static application security testing, there is triage, i.e, AI suggestions with risk and criticality assessment, false positive probability analysis, and possible fixes.

To run AI-powered vulnerability analysis:

1. Open the SourceCraft home page.

2. On the Home tab, navigate to Repositories and select a repository.

3. Under Security on the repository page, go to Code scanning.

   Note

   Similarly, you can view a general list of issues for all repositories in the organization.

4. Select the issue you want to run AI-powered vulnerability analysis for.

5. In the top-right corner, click Triage with AI.

   Wait for a comment from SourceCraft Security Bot to appear.

See also

• Demo repository with vulnerabilities
• Security in SourceCraft
• Setting up a custom security analyzer in SourceCraft
• Static code analysis in SourceCraft
• Security dashboard in SourceCraft
• Analyzing vulnerabilities in SourceCraft repository dependencies
• Secret scanning in a SourceCraft repository