Findings are security issues discovered by Corridor in your code. They are created from PR reviews, guardrail violations, and code scans. Each finding represents a specific security issue at a specific location in your code.

Finding properties

| Property | Description |
| --- | --- |
| Title | Brief description of the vulnerability (e.g., “SQL Injection in userController.js”) |
| Description | Detailed explanation with security impact |
| Severity | Critical, High, Medium, Low, or Informational |
| State | Open, Closed, or Potential |
| Location | File path, line number, and code snippet |
| Remediation | Specific guidance on how to fix the issue |

Finding states

| State | Description |
| --- | --- |
| Potential | Needs verification; may be a false positive |
| Open | Confirmed issue requiring remediation |
| Closed | Issue has been resolved |
| Won’t Fix | Accepted risk with documented justification |

Managing findings

When a new finding arrives, review the description and code context, verify that it is a real issue, and either move it to Open or mark it as Won’t Fix with a justification.

To fix a finding:
  • Manual fix: Navigate to the file/line mentioned and fix the code based on Corridor’s recommendation
  • AI-assisted fix: Use your AI assistant to help fix it—copy Corridor’s finding description and ask your AI to fix the issue
  • Auto fix (if available): On certain findings, Corridor can open a new branch/PR with the suggested code changes for you to review and merge
After a fix is applied, Corridor will rescan and mark the finding as Closed if the issue is gone.

False positives

If you determine a finding is not actually a problem, mark it as Won’t Fix with a reason. This feedback helps improve detection accuracy over time.

Managing findings via AI assistant

If you have the Corridor MCP integration set up, your AI assistant can interact with findings directly:
  • Retrieve findings: Ask your AI “What are the open critical security issues?” to get findings filtered by state and severity
  • Get finding details: Ask “Show me details about finding X” to get the full description, affected code, and remediation guidance
  • Update finding state: Tell your AI “Mark this finding as a false positive” to close the finding with the appropriate reason
See Corridor MCP for the full list of available tools and requirements.

Chats for deeper analysis

Chat features are available on Enterprise plans.
Use the chat feature to dig deeper into findings—ask questions about the vulnerability and its impact, get more detailed remediation guidance, and explore related code patterns. See Chats for more details.
