Viewing & Filtering Findings
The Findings page is the central view for all security issues detected across your organization. With filtering, search, and interactive drill-downs, you can quickly find and focus on the findings that matter most.
Accessing Findings
Navigate to Findings from the left sidebar to open the main findings table. By default, the table shows all open findings across all assets, sorted by severity (Critical first).
The Findings Table
The findings table displays one row per unique finding with the following columns:
| Column | Description |
|---|---|
| Severity | Color-coded badge: Critical (red), High (orange), Medium (yellow), Low (blue) |
| Title | The finding's human-readable summary |
| Asset | The repository where the finding was detected |
| Scanner | Which scanner detected the finding (OpenGrep, Semgrep, Trivy, Grype, Gitleaks) |
| Status | Current triage status (Open, Confirmed, In Progress, Resolved, False Positive, Accepted Risk) |
| File | The file path where the finding exists |
| First Detected | When the finding was first seen |
| Last Seen | The most recent scan that confirmed the finding |
Filters
The filter panel above the table provides three primary filter dimensions:
Severity Filter
Filter findings by severity level. Select one or more:
| Option | What It Shows |
|---|---|
| Critical | Only critical-severity findings |
| High | Only high-severity findings |
| Medium | Only medium-severity findings |
| Low | Only low-severity findings |
Multiple selections are supported — selecting Critical and High shows both.
Focus on What Matters
Start by filtering to Critical and High severity findings. These represent the most impactful vulnerabilities and should be your triage priority.
Status Filter
Filter by triage status:
| Option | What It Shows |
|---|---|
| Open | Findings that have not yet been reviewed (default) |
| Confirmed | Findings confirmed as real vulnerabilities |
| In Progress | Findings with an active fix in progress |
| Resolved | Findings that have been fixed |
| False Positive | Findings marked as not real vulnerabilities |
| Accepted Risk | Findings where the risk has been accepted |
Default Filter
The Findings page defaults to showing Open findings. To see resolved or dismissed findings, change the status filter. Select "All" to see every finding regardless of status.
Scanner Type Filter
Filter by which scanner detected the finding:
| Option | Category |
|---|---|
| OpenGrep | SAST |
| Semgrep | SAST |
| Trivy | SCA |
| Grype | SCA |
| Gitleaks | Secrets |
This is useful when you want to focus on a specific category of findings — for example, viewing only secrets findings from Gitleaks or only dependency vulnerabilities from Trivy.
Combining Filters
Filters are cumulative. Examples:
| Filter Combination | Result |
|---|---|
| Severity: Critical + Status: Open | All critical findings not yet triaged |
| Scanner: Gitleaks + Status: Open | All unreviewed secret findings |
| Severity: High + Scanner: Trivy + Status: Confirmed | High-severity confirmed dependency vulnerabilities |
Search
The search bar at the top of the findings table performs text search across:
- Finding title
- File path
- Rule ID
- CVE identifier
Example queries:
| Query | Matches |
|---|---|
| sql injection | Findings with "sql injection" in the title |
| src/auth | Findings in files under src/auth/ |
| CVE-2024-1234 | The specific CVE |
| hardcoded-secret | Findings from the hardcoded-secret rule |
Search is case-insensitive and combines with active filters.
Pagination
The findings table uses server-side pagination:
- Default page size: 25 findings per page
- Navigation: Previous / Next buttons and page number links at the bottom
- Total count: Displayed above the table (e.g., "Showing 1-25 of 342 findings")
- Filter-aware: Pagination reflects the current filter and search state
Clicking a Row: The Magic Panel
Clicking any finding row opens the magic panel — a slide-out detail panel on the right side of the screen. The magic panel provides a quick view of the finding without navigating away from the table.
The magic panel displays:
| Section | Content |
|---|---|
| Header | Severity badge, status badge, scanner type badge |
| Title | The finding's full title |
| Description | Detailed explanation of the vulnerability |
| Location | File path and line numbers |
| Code Snippet | The relevant source code with highlighted lines |
| Rule ID | The scanner rule that triggered the finding |
| Identifiers | CWE and CVE identifiers (if applicable) |
| Timeline | First detected and last seen timestamps |
| Triage Controls | Status dropdown and triage reason field for quick triage |
Quick Triage
The magic panel is designed for efficient triage. You can review a finding and change its status without leaving the findings table. Click the next row to immediately review the next finding.
Closing the Panel
- Click the X button in the panel header
- Click outside the panel
- Press Escape
Dashboard Drill-Downs
The Mayo ASPM dashboard includes interactive charts that link directly to filtered findings views:
Severity Distribution Chart
Clicking a severity segment (e.g., the "Critical" slice) in the dashboard's severity distribution chart navigates to the Findings page with the severity filter pre-set to Critical.
Findings Over Time Chart
Clicking a data point on the findings trend chart navigates to findings detected during that time period.
Asset Findings Count
Clicking an asset's finding count on the dashboard navigates to the Findings page filtered to that specific asset.
Scanner Breakdown
Clicking a scanner segment in the dashboard's scanner breakdown chart navigates to findings filtered by that scanner type.
Preserving Context
When navigating from the dashboard, the URL includes filter parameters. You can bookmark or share these filtered URLs with team members.
Exporting Findings
To export your current filtered view:
- Apply the desired filters and search
- Click the Export button in the top-right corner
- Choose the export format:
| Format | Description |
|---|---|
| CSV | Comma-separated values — compatible with spreadsheets and data tools |
| JSON | Structured data — useful for integrations and scripting |
The export includes all findings matching the current filters, not just the current page.
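The filter and search rules described on this page can be re-applied offline to a JSON export, for example to build a triage queue in a script. The following is an added example, not part of the Mayo ASPM documentation or product code; the export schema is not shown on this page, so the key names (`severity`, `status`, `scanner`, `title`, `file`, `rule_id`, `cve`) and the sample records are assumptions.

```python
import json

# Default table order from the page: Critical first.
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
# Fields the search bar covers; the JSON key names are assumptions.
SEARCH_FIELDS = ("title", "file", "rule_id", "cve")


def filter_findings(findings, severities=None, statuses=None,
                    scanners=None, search=None):
    """Values selected within one filter are ORed, filters are ANDed, and
    search is a case-insensitive substring match on top of the filters.
    An empty or missing selection means no restriction for that filter."""
    dims = (("severity", severities), ("status", statuses),
            ("scanner", scanners))
    needle = search.lower() if search else None
    selected = []
    for f in findings:
        if any(allowed and f.get(key) not in allowed for key, allowed in dims):
            continue
        if needle and not any(
            needle in str(f.get(field) or "").lower() for field in SEARCH_FIELDS
        ):
            continue
        selected.append(f)
    # Unknown severity values sort last instead of raising.
    return sorted(selected,
                  key=lambda f: SEVERITY_ORDER.get(f.get("severity"), 99))


# Constructed sample export (not real data); the schema is an assumption.
SAMPLE_EXPORT = json.loads("""[
 {"severity": "High", "status": "Open", "scanner": "Trivy",
  "title": "Vulnerable dependency", "file": "package-lock.json",
  "rule_id": null, "cve": "CVE-2024-1234"},
 {"severity": "Critical", "status": "Open", "scanner": "Gitleaks",
  "title": "Hardcoded API key", "file": "src/auth/config.py",
  "rule_id": "hardcoded-secret", "cve": null},
 {"severity": "Critical", "status": "Resolved", "scanner": "Semgrep",
  "title": "SQL Injection in login", "file": "src/auth/login.py",
  "rule_id": "sql-injection", "cve": null},
 {"severity": "Low", "status": "Open", "scanner": "OpenGrep",
  "title": "Debug logging enabled", "file": "src/app.py",
  "rule_id": "debug-log", "cve": null}
]""")

if __name__ == "__main__":
    for f in filter_findings(SAMPLE_EXPORT, severities={"Critical", "High"},
                             statuses={"Open"}):
        print(f["severity"], f["scanner"], f["title"])
```

Because search is applied on top of the active filters, a query such as "sql injection" returns nothing while the status filter is left at Open if the only match is already Resolved.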
Saved Views
Frequently used filter combinations can be bookmarked using browser bookmarks. The Findings page encodes all active filters in the URL:
Bookmark this URL to quickly return to the same filtered view.
Next Steps
- Triage Workflow — Learn how to triage and manage finding statuses
- Finding Details — Explore the full detail page for individual findings
- Findings Overview — Understand the unified findings model