View Security Reports
Understand your repository or extension's security analysis results and explore detailed findings by severity and category.
Accessing Your Report
From Repository Status
- After your analysis completes (status changes to "Complete"), click the View Report button on the Repository Status page
- You'll be taken to the full Security Report page
From Dashboard
- Log in to your Can I Run That account at https://app.canirunthat.com
- On the dashboard, click on any repository or extension with a completed analysis
- Click to view the report
Report Overview
The Security Report provides a comprehensive summary of your code analysis:
Risk Grade
The report displays a Risk Grade (A – F scale):
| Grade | Risk Level | Meaning |
|---|---|---|
| A | Minimal | Excellent security posture; very few or no critical issues |
| B | Low | Good security posture; minor issues that could be addressed |
| C | Moderate | Not recommended for use until vulnerabilities are addressed |
| D | High | Not recommended for use; significant vulnerabilities present |
| E | Very High | Not recommended for use; critical vulnerabilities present |
| F | Critical | Not recommended for use; severe security issues |
Risk Score
Below the risk grade, you'll see a Risk Score. The risk score is based on the number and severity of issues identified compared to the size of the project.
- Higher score = More security issues or more severe issues relative to project size
- Lower score = Fewer or less severe issues relative to project size
Finding Categories
Security findings are organized into 10 major categories. Each category focuses on a different aspect of code security:
| Category | Description | Examples |
|---|---|---|
| Vulnerability | Known security vulnerabilities and exploits | SQL injection, XSS, buffer overflow |
| Dependency Risk | Vulnerable or outdated dependencies | Unpatched packages, known CVEs |
| Authentication & Authorization | Issues with user identification and access control | Weak password policies, missing auth checks |
| Data Protection | Sensitive data exposure and encryption issues | Hard-coded credentials, unencrypted storage |
| Injection Attacks | Code injection vulnerabilities | Command injection, LDAP injection |
| Cryptography | Weak or incorrect cryptographic implementations | Use of deprecated algorithms, weak key sizes |
| Error Handling | Improper error messages and exception handling | Overly detailed error messages, unhandled exceptions |
| Configuration & Deployment | Infrastructure and configuration security issues | Insecure defaults, exposed configuration files |
| Code Quality | General code quality that impacts security | Dead code, code duplication, hard-coded values |
| Third-Party Components | Issues in libraries and external dependencies | Vulnerable plugins, outdated frameworks |
Finding Severity Levels
Each finding is assigned a Severity Level:
| Severity | Description | Impact if Deployed |
|---|---|---|
| Critical | Immediate security threat; exploit available | Critical security breach or data loss |
| High | Major security vulnerability; likely exploitable | Significant security compromise |
| Medium | Moderate security issue | Potential security compromise |
| Low | Minor issue or best practice | Limited security impact |
| Informational | Informational; no immediate security impact | No security impact |
Exploring Findings
Finding Details
When you click on a finding, you can see:
- Finding Title: Name and description of the issue
- Severity Badge: Visual indicator of severity level (colored badge)
- Category: Which of the 10 categories this finding belongs to
- Description: Detailed explanation of what the issue is
- Risk Impact: Why this issue is a security concern
- Code References: File paths and line numbers where the issue was found
File-Level Analysis
Viewing Issues by File
- In the findings list, findings are organized by source file
- Click on a filename to expand and see all findings in that file
- File path, line number, and column number are shown for each finding
Understanding File Context
For each finding, you can see:
- File Path: Where in your code the issue is located (e.g., src/auth.js)
- Line Number: The exact line where the issue was found
- Code Snippet (if available): A small preview of the problematic code
Filtering by Category and Severity
When drilling into specific files, you can filter findings by:
- Category: Show only findings in specific categories
- Severity: Show only findings of a specific severity level
Note: Filtering is available when drilling into specific files, not on the main report overview.
Report Actions
The report page typically provides several actions:
Share Report
Generate a shareable link to send the report to team members or clients. See Share Reports for more details.
Re-scan
Run another analysis on the same repository/extension with fresh data.
Understanding Trends
If your repository has been scanned multiple times, the report may show trends:
- Previous Score: Risk score from the last scan
- Score Change: Whether the score improved or worsened
- Finding Trends: Charts showing how the number of issues has changed over time
This helps you track security improvements over time.
Sharing with Team or Clients
To share findings with your team or with clients:
- Use Share Reports to generate a shareable link
- Team members can review the report using the shared link
- See Share Reports for detailed sharing options
Next Steps
- Share Your Report: Invite team members or clients to review findings in Share Reports
- Review Scan History: See previous scan results in Scan History
- Schedule Future Scans: Set up automated periodic scans in Scan Scheduling
Troubleshooting
Cannot Access Report
Report page won't load or shows an error
- Ensure the analysis has completed (check Repository Status page)
- Make sure you are signed in to an account belonging to the company that initiated the analysis
- Try refreshing the page (F5 or Ctrl+R)
- Clear browser cache and try again
Report Data Looks Old
The report shows an older analysis result
- Verify you're viewing the correct submission (check timestamps)
- Use Scan History to find the most recent report
- Or submit a new scan to get updated results
For additional help, contact Support.