> ## Documentation Index
> Fetch the complete documentation index at: https://semgrep-ee9d73d8-mintlify-b75b9a88.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# View findings' details

The finding's details page displays in-depth information about the finding, including:

* A detailed description of the finding
* Rule details, including the rule pattern itself, the vulnerability class, and identifiers such as the CWE ID
* <Tooltip tip="Result of Semgrep's analysis generated when a rule matches code. Findings can represent security issues, bugs, or violations of conventions." cta="See full definition." href="/writing-rules/glossary#finding">Finding</Tooltip> details, such as when the finding was identified, the project and branch name, and commit ID where the issue was introduced
* The code snippet where the issue was identified, along with a link to the source code where Semgrep identified the issue
* Suggested fixes for the issue, either generated by Semgrep Multimodal or from the rule itself
* Rule-defined fixes from the rule itself, when available
* Activity history for the finding, including when it was first identified, whether it has been analyzed by Semgrep Multimodal, whether there are any accompanying Jira tickets, notes written by other Semgrep users specifically about this finding, and more.

## View a finding's details

<Steps>
  <Step>
    Log in to [Semgrep AppSec Platform](https://semgrep.dev/login).
  </Step>

  <Step>
    In the **Navigation bar**, click **[Code](https://semgrep.dev/orgs/-/findings)**.
  </Step>

  <Step>
    Identify the finding whose details you want to view:

    * If the default **Group by Rule** is enabled, click the <Icon icon="window-restore" iconType="regular" /> **Details** icon on the card of the finding.
    * If the **No grouping** view is enabled, click the **header hyperlink** on the card of the finding.
  </Step>
</Steps>

### Semgrep Multimodal’s rule and analysis explanation

When Semgrep Multimodal is enabled and classifies a finding as a true or false positive, an alert appears at the top of the finding’s details page. You can also view a detailed explanation that, if applicable, includes steps to exploitability in the **<Tooltip tip="Result of Semgrep's analysis generated when a rule matches code. Findings can represent security issues, bugs, or violations of conventions." cta="See full definition." href="/writing-rules/glossary#finding">Finding</Tooltip> description** tab.

For true positives, the detailed explanation includes a summary and rationale for why the finding was flagged. It draws on the code that matched the rule pattern and the surrounding code to provide context for the rule message. For security-related rules, it also explains how the finding relates to the rule’s threat model.

For false positives, the explanation contains only Multimodal’s reasoning, without additional code context. Some explanations refer to memories, which Multimodal uses to determine whether a finding is a false positive. However, memories are not used when generating the explanation itself.

If Multimodal flags a finding as a false positive, you can provide feedback by selecting **Agree and Ignore** or **Disagree**.

## Dataflow traces

Dataflow traces allow you to visualize the path of tainted, or untrusted, data in findings. This path can help you track the sources and sinks of the tainted data as they propagate through the body of a function or a method. For general information about taint analysis, see [Taint tracking](/writing-rules/data-flow/taint-mode/overview).

### View dataflow traces

<Info>
  **PREREQUISITE**

  Not all Semgrep rules or rulesets make use of dataflow traces, or taint tracking. Ensure that you have a ruleset, such as the **default ruleset** added in your **[Policies page](https://semgrep.dev/orgs/-/policies)**. If this ruleset is not added, go to [https://semgrep.dev/p/default](https://semgrep.dev/p/default), and then click **Add to Policy**. You can add rules that use taint tracking from [Semgrep Registry](https://semgrep.dev/explore).
</Info>

To view the detailed path of tainted data with dataflow traces:

<Steps>
  <Step>
    Log in to Semgrep AppSec Platform, and click **[Code](https://semgrep.dev/orgs/-/findings)** in the **Navigation Bar** to view your findings.
  </Step>

  <Step>
    Select the finding you're interested in, then do one of the following actions:

    * If the default **Group by Rule** is enabled, click <Icon icon="window-restore" iconType="regular" /> **View details** icon on the card of the finding.
    * If **No grouping** view is enabled, click the **header hyperlink** on the card of the finding. In the example screenshot below, the link is titled **tainted-sql-string**.
  </Step>

  <Step>
    In the section titled **Your code**, you can see the source, traces, and sink of the tainted data. Clicking on a specific line in the trace will highlight it in the context of the file, while clicking on the file name at the top of the right pane will take you directly to that file in your source code manager, such as GitHub or GitLab.
  </Step>
</Steps>

## Available actions on the finding details' page

Click on the **kebab** icon to see the menu that includes the following options:

* **Mark as reviewing** to change its status to **Reviewing** and flag the finding as one that is under further manual review
* **Copy file path** of the source code where Semgrep identified the issue
* **Copy link** to the finding's details page

### Scan with Multimodal

If the finding hasn't been analyzed by Multimodal, click the **Analyze** button to begin analysis. Multimodal can:

* Recommend whether the finding should be fixed or ignored
* Provide remediation guidance and, when enabled, [Suggested fix](/semgrep-multimodal/overview#suggested-fix) suggestions on how to fix the finding
* Tag the finding with a component tag, such as `auth` or `payments`.

### Ignore the finding

Click **Ignore...** to ignore the finding. Provide an **Ignore reason**, and add **Comments** on why you think that this finding should be ignored.

If the file for the finding in question is a test file or something similar, you can choose the **Ignore files in future scans...** option, then select the file. Semgrep ignores the file in subsequent scans.

Click **Ignore** to proceed.

### Fix the finding

Click **Fix** see the menu that includes the following options:

* View the associated Jira ticket, if available
* Open a PR that fixes the issue, if possible
* Change the status of the issue as **To fix**, indicating that you plan to return to the finding in the future

Semgrep automatically marks findings as fixed when they're no longer detected in subsequent scans.

### Add notes to findings

To **add notes** to the activity history of a finding:

<Steps>
  <Step>
    Select a finding where you want to view details or add notes, and then do one of the following actions:

    * If the default **Group by Rule** is enabled, click <Icon icon="window-restore" iconType="regular" /> **Details** icon on the card of the finding.
    * If **No grouping** view is enabled, click the **header hyperlink** on the card of the finding.
  </Step>

  <Step>
    Go to the **Activity** section, then click **New note**.
  </Step>
</Steps>
