GraphNode
Docs/Audit & Triage

Audit & Triage

The Audit module is where security teams review, analyze, and triage scan findings. Examine vulnerabilities with full data flow context, categorize findings, and track your audit progress across projects.

Audit Module

The Audit module presents all detected vulnerabilities from your scans in a structured table view. Each finding includes its severity level, vulnerability category, affected file path, and current audit state, allowing security teams to quickly prioritize and work through findings.

VULNERABILITYSEVERITYCATEGORYFILE PATHSTATESQL InjectionCriticalInput ValidationUserController.javaLine 142PendingCross-Site Scripting (XSS)HighInput ValidationSearchView.csLine 89ExploitableHardcoded PasswordMediumCryptographyConfig.javaLine 23False Pos.Missing CSRF TokenLowSession MgmtFormHandler.phpLine 56SuppressedPath TraversalHighInput ValidationFileService.javaLine 201Pending

Audit Table Features

Sort by severity, category, or state
Filter by severity level or audit state
Click any row to open code review panel
Bulk triage multiple findings at once

Vulnerability Categories

GraphNode organizes all detected vulnerabilities into eight main categories aligned with industry standards such as OWASP and CWE. This categorization helps teams understand the nature of each finding and prioritize remediation efforts effectively.

Authentication

Authentication bypass, weak authentication mechanisms, missing multi-factor authentication enforcement.

Authorization

Privilege escalation, missing access controls, insecure direct object references (IDOR).

Code Quality

Null pointer dereference, resource leaks, dead code, race conditions, and other quality issues.

Configuration

Insecure defaults, debug mode enabled in production, overly permissive CORS settings.

Cryptography

Weak algorithms (MD5, SHA1), hardcoded encryption keys, insufficient key lengths, insecure random number generation.

Input Validation

SQL Injection, Cross-Site Scripting (XSS), Command Injection, Path Traversal, LDAP Injection, and XML External Entity (XXE).

Session Management

Session fixation, insecure session handling, missing session expiration, cookie security misconfiguration.

Miscellaneous

Other security findings including information disclosure, error handling issues, and logging sensitive data.

Code Review & Data Flow

Clicking on any vulnerability in the audit table opens the code review panel. This panel shows the source code with the vulnerable line highlighted and, most importantly, displays the complete Vulnerability Flow -- GraphNode's deep taint tracking that traces how untrusted data propagates from its source to a dangerous sink function.

Core Differentiator: GraphNode's data flow analysis goes beyond simple pattern matching. It performs deep taint tracking across method calls, class boundaries, and even inter-file references to show exactly how untrusted input reaches a dangerous operation.
Vulnerability Flow - SQL Injection (CWE-89)SOURCEUserController.java : 25String userId = request.getParameter("userId");1taint propagationPROPAGATIONUserDAO.java : 42String query = "SELECT * FROM users WHERE id=" + userId;2taint propagationSINKUserDAO.java : 45statement.execute(query);3
1

Source

The point where untrusted data enters the application -- typically user input from HTTP requests, file uploads, or external APIs.

2

Propagation

Intermediate steps where tainted data is passed through variables, method calls, and transformations without proper sanitization.

3

Sink

The dangerous function where tainted data is consumed -- such as database queries, OS commands, or HTML rendering.

Vulnerability Details

Each detected vulnerability includes a comprehensive detail card providing everything security teams and developers need to understand and remediate the issue, including CWE references, remediation guidance, and compliance mapping.

SQL InjectionCriticalCWE-89Confidence: HighDescriptionUser-supplied data is concatenated directly into an SQL query string withoutparameterization or sanitization. An attacker can manipulate the query to access,modify, or delete data, or execute administrative operations on the database.RemediationUse parameterized queries (prepared statements) instead of string concatenation:// Before (vulnerable)String query = "SELECT * FROM users WHERE id=" + userId;// After (secure)PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE id=?");Compliance MappingOWASP Top 10A03:2021 - InjectionPCI-DSSReq. 6.5.1SANS Top 25CWE-89 (#6)LocationFile:src/main/java/UserController.javaLine:142Category:Input ValidationView FlowChange StateAdd Comment

Detail Card Contents

CWE reference and vulnerability classification
Clear description of the security risk
Remediation guidance with code examples
Compliance mapping (OWASP, PCI-DSS, SANS)

False-Positive Triage

Every vulnerability detected by GraphNode starts in a Not Audited state. The triage workflow enables security teams to review each finding and assign one of four states. This process helps teams focus on confirmed threats, filter noise from false positives, and track audit progress over time.

Vulnerability Triage StatesNot AuditedDefault state - pending reviewExploitableConfirmed vulnerabilitySuppressedAccepted risk, deferredFalse PositiveNot a real vulnerabilityPrimary transitionRe-triage (state change)
StateDescriptionAction
Not Audited Default state for all new findings. The vulnerability has not yet been reviewed by a security auditor.Needs review
Exploitable Confirmed as a real, exploitable vulnerability. Should be prioritized for remediation by the development team.Fix required
False Positive Reviewed and determined to not be a real security issue. The finding is a false alarm and requires no action.No action
Suppressed Known issue with accepted risk. The vulnerability is real but has been consciously deferred or accepted by the team.Risk accepted
Tip: Audit states are preserved across scans. When code is re-scanned, GraphNode carries forward your triage decisions so you do not need to re-audit previously reviewed findings.

Next Steps

Generate reports and explore analytics Send findings to Jira or your issue tracker Learn about scanning configuration and scheduling