eclipse / steady

Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Apache License 2.0

Where is the output result of Static Analysis: Potential execution of vulnerable code #591

Open ZupeiNie opened 1 year ago

ZupeiNie commented 1 year ago

Hello, I want to know where the output of "Static Analysis: Potential execution of vulnerable code" is. I can see the call chain on the front end, but I can't find the relevant information in the report. Where can I get the call chain information?

[screenshot of the frontend call chain]
henrikplate commented 1 year ago

We only show the call path to vulnerable methods in the frontend; we do not include this detailed information in the report. You can obtain it programmatically by calling this endpoint: https://github.com/eclipse/steady/blob/master/rest-backend/src/main/java/org/eclipse/steady/backend/rest/ApplicationController.java#L2617