Managing Findings
Efficiently managing security findings is crucial to ensuring that vulnerabilities are addressed promptly and thoroughly. Cantina Code provides several tools to help you track, assign, and collaborate on findings. Here’s how you can make the most of these features.
Responding to Findings
In the Findings section, you’ll see a list of all submitted vulnerabilities. It’s important to engage with researchers in the comment threads until a resolution is reached. This ensures that vulnerabilities are fully understood and addressed.
How to Use:
- Access the Findings List: Navigate to the Findings section on your dashboard to view the list of all vulnerabilities.
- Engage in the Conversation: Click on a finding to open the conversation thread and provide feedback or ask follow-up questions to the researcher.
- Mark as Resolved: Once the vulnerability is addressed, mark the finding as resolved or closed. This ensures that your team keeps track of which issues are still open and which are successfully mitigated.
Integrated Findings
Cantina Code’s newly redesigned code review interface makes collaboration smoother. Comments and findings are now seamlessly integrated alongside the source code, creating a more intuitive review process.
How to Use:
- View Comments and Findings: As you navigate the code, comments and findings will appear alongside the relevant lines of code. This allows for a more natural review process, as you can see both the code and feedback in one place.
- Collaborate in Context: Respond to comments directly in the interface, providing real-time feedback and collaborating with researchers and other team members on specific lines of code.
Assign Findings
The Assign Findings feature enables customers and repository owners to assign findings to internal team members for investigation and resolution. This feature is especially useful for competitions and collaborative reviews, ensuring that all findings are tracked and addressed by the right people.
How to Use:
- Assign a Finding: Click on a finding and use the Assign button to choose a team member who will handle the investigation or resolution of the issue.
- Track Assigned Findings: Once a finding is assigned, you can monitor its progress through status updates and comments from the assigned team member.
Findings List
The Findings list gives you a more organized and visible overview of each finding’s status and labels. This change helps you prioritize vulnerabilities and track their progress more easily.
How to Use:
- Navigate the Findings List: The updated list displays findings with clear status indicators and labels, making it easier to prioritize and manage each vulnerability.
- Filter and Sort Findings: Use filters and sorting options to organize findings by status, priority, or submission date. This helps you focus on the most critical issues first.