Mobb User Docs
Working with the Fix Report

The fix report page allows you to browse through the fixes available for your project

Last updated 2 months ago

Fix Report Overview

The top banner provides users with the following information:

  • Overview of the fix report, such as the name of the project, repository link, branch name, git hash, and whether there are code version issues.

  • Analysis version: If multiple versions are available, click on the drop-down to select other previous runs.

  • Report expiry (default is 2 weeks). If an extension is required, click the three dots to extend it by 30 days.

  • Fix status: the number of fixes in Ready, Committed, and Downloaded status.

  • Top issues by Type: This chart shows the number of fixes available by top issue types.

Issue Categorization

The issues reported by your SAST report are categorized into one of 3 categories: Fixable Issues, Irrelevant Issues, and Remaining Issues. See below for more details.

Issue Categorization - Fixable Issues

By selecting the "Fixable Issues" category, your fix report will display the actionable fixes that you can review and commit directly to your repository.

Issue Categorization - Irrelevant Issues

By selecting "Irrelevant Issues", you will be able to see issues that are most likely false positives or irrelevant to your current context. There are various types of reasoning that you may observe in this view:

  • Autogenerated code refers to code that is generated automatically by tools or frameworks as part of the build or runtime process. This categorization highlights that the issue resides in non-manual code, which often requires tool-specific solutions or exemptions.

  • False positive indicates that the finding reported in your SAST report is not a real security issue and was potentially flagged incorrectly by the SAST tool. The specific reasoning will be outlined.

  • Test code refers to code that resides in a test-specific path or context. This categorization indicates that it supports testing scenarios and is isolated from production use.

Here is an example of a False Positive detection in action:

[Screenshot: Example of a false positive detection]

Issue Categorization - Remaining Issues

By selecting the "Remaining Issues" category, you will see the list of issues for which Mobb does not have a fix yet.

Due to Mobb's mandate to only release deterministic and validated fixes, certain issues in your SAST report will not be fixed by Mobb yet. If you'd like Mobb to fix these issues, please reach out to us at support@mobb.ai!

Bulk Commits

Once you have reviewed the fixes for a particular issue type, you have the option of committing multiple fixes at the same time. To do so:

  1. Select the checkbox for the issue type.

  2. Confirm the number of fixes you will be committing.

  3. Select either "Commit Fixes" or "Download".

  4. If "Commit Fixes" is selected, the "Commit changes" screen appears, which allows you to submit the fixes.

Search and filtering fixes

You can filter the fixes by using the "Add filter" button. The following filter parameters are available:

  • Dev Owner

  • Issue Type

  • Status

  • Confidence

  • PowerUp

  • Severity

  • Language

  • Effort

Fixing Effort

Fixing effort is an indicator of the level of effort required to complete a particular fix. It can be viewed in the fix report page under the "Effort" column as shown:

Currently, there are 3 levels of fixing effort:

  • Easy / One-click fix - Mobb has all the information it needs, and no further actions are required.

  • Additional Actions Required - Mobb has most of the info it needs, but provides you with the opportunity to influence the fix further.

  • Dev research required - Mobb has most of the info it needs, but may require you to perform some additional research to validate and finalize the fix.