Remediation using SAST Recommendations


Last updated 2 years ago

The Recommendation service helps you understand the impact and root cause of any detected vulnerability. It also correlates each detected finding with the OWASP Top 10 rankings to give you more context and information on the vulnerability. The service gives you two kinds of recommendations for any detected vulnerability.

  1. Descriptive - This kind of recommendation helps you understand the vulnerability and the basic rules or good practices that protect your application from it. It is not tied to any specific tech stack or programming language. A descriptive recommendation shows you the following details:

  • OWASP ranking

  • CWE information

  • Examples of bad code

  • Attack scenarios

  • Attack prevention techniques

  2. Code Snippets - This kind of recommendation gives you code snippets in different programming languages, showing the vulnerable code alongside the fix for that vulnerability.

Step 1: Select “Recommendations”

To see how the recommendation service works, run a SAST scan for any supported programming language and then open the report. Each finding has a “Recommendations” button in its footer section.

Click “Recommendations” and a popup with detailed recommendations opens.

For the finding shown here, the popup gives a detailed description of CWE-22 (Path Traversal), and if you scroll down you will also see more detailed attack prevention techniques.

Step 2: Code Recommendations

The next part of the popup is the code recommendations. An arrow icon above the code recommendations lets you switch between the available languages, such as JavaScript, Java, Python, PHP, Ruby, etc.
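As an added illustration of what a "vulnerable code plus fix" code recommendation looks like for the CWE-22 finding discussed above, here is a Python example written for this page; it is not CloudDefense's own recommendation content, and the root directory and request paths are constructed for the example. The unsafe function joins the user-supplied path onto the upload root with no containment check, while the fixed function canonicalises both sides and rejects anything that resolves outside the root. Nothing is read from disk, so it runs anywhere.

```python
import os

# Constructed sample root for the example; nothing is read from disk.
UPLOAD_ROOT = "/srv/app/uploads"

# Constructed sample inputs: values a "file" query parameter might carry.
# The first two are benign, the remaining three are traversal attempts.
SAMPLE_REQUESTS = [
    "reports/q1.pdf",
    "./images/logo.png",
    "../../../etc/passwd",
    "/etc/passwd",
    "reports/../../secrets.env",
]


def resolve_unsafe(base: str, user_path: str) -> str:
    """Vulnerable pattern (CWE-22): the user-supplied path is joined onto the
    base directory with no containment check. '..' segments walk out of the
    base, and an absolute user_path makes os.path.join discard base entirely."""
    return os.path.normpath(os.path.join(base, user_path))


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the allowed root."""


def resolve_safe(base: str, user_path: str) -> str:
    """Fixed pattern: canonicalise the root and the candidate, then require
    the candidate to sit inside the root. realpath() collapses '..' and
    follows symlinks, so the comparison is made on real filesystem targets."""
    root = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(root, user_path))
    # commonpath() is the containment test; a plain startswith() would wrongly
    # accept "/srv/app/uploads-old/x" as being under "/srv/app/uploads".
    if os.path.commonpath([root, candidate]) != root:
        raise PathTraversalError(f"refusing path outside {root}: {user_path!r}")
    return candidate


def is_inside_root(base: str, path: str) -> bool:
    """True when the canonical form of `path` lies under the canonical root."""
    root = os.path.realpath(base)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def compare(base: str, user_path: str) -> dict:
    """Run both versions on one input and report what each would do."""
    unsafe = resolve_unsafe(base, user_path)
    try:
        safe = resolve_safe(base, user_path)
        verdict = "allowed"
    except PathTraversalError:
        safe = None
        verdict = "rejected"
    return {
        "input": user_path,
        "unsafe_result": unsafe,
        "unsafe_escapes_root": not is_inside_root(base, unsafe),
        "safe_verdict": verdict,
        "safe_result": safe,
    }


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        r = compare(UPLOAD_ROOT, req)
        print(f"{r['input']!r:30} unsafe -> {r['unsafe_result']} "
              f"(escapes root: {r['unsafe_escapes_root']}); "
              f"safe -> {r['safe_verdict']}")
```

The fix is the one the descriptive recommendation's prevention techniques point at: never trust the request to stay inside the directory, resolve the final path and check containment before any file access. Using `os.path.commonpath` rather than a string prefix check is deliberate, since a sibling directory with the root as a prefix would otherwise pass.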