View Vulnerable Code Results for Mend for GitLab

Overview

The Vulnerable Code section can be expanded for each CWE to show the affected code snippet in your project and the details of each vulnerability. This information helps you and your developers address real findings in the code without leaving your GitLab environment.

Getting it Done

The Vulnerable Code section can be found on both the Mend Code Security Check after a scan and the Code Security Report on the GitHub Issues tab.

Mend Code Security Check

After a valid commit push, the Mend Code Security Check is triggered, and once completed, the “Vulnerable Code” section will be available for each finding.


Code Security Report

Once the Mend for GitLab SAST scan on the base branch is completed, the Mend Code Security Check creates a GitLab Issue titled “Code Security Report” where you can browse for the “Vulnerable Code”.


Click on “Vulnerable Code” to see the following details for each finding:

  • Vulnerable Code: Provides information on the location within the code where data can cause harm (also known as the Sink).

  • # Data Flow/s detected: Number of data flows detected that lead to the finding.

  • View Data Flow #: View each step of the specified data flow that leads to the finding.
