View Vulnerable Code Results for Mend for GitLab
Overview
The Vulnerable Code section can be expanded for each CWE to show the code snippet in your project and the details of each vulnerability. This information helps you and your developers confront real findings within the code without ever leaving your GitLab environment.
Getting it Done
The Vulnerable Code section can be found both in the Mend Code Security Check after a scan and in the Code Security Report on the GitLab Issues tab.
Mend Code Security Check
After a valid commit push, the Mend Code Security Check is triggered, and once completed, the “Vulnerable Code” section will be available for each finding.

Code Security Report
Once the Mend for GitLab SAST scan on the base branch is completed, the Mend Code Security Check creates a GitLab Issue titled “Code Security Report” where you can browse the “Vulnerable Code” section.

Click on “Vulnerable Code” to see the following details for each finding:
Vulnerable Code: Provides information on the location within the code where data can cause harm (also known as the Sink).
# Data Flow/s detected: Number of data flows detected that lead to the finding.
View Data Flow #: View each step of the specified data flow that leads to the finding.
