
Vulnerability

Last updated 9 months ago

In code reviews, vulnerability issues refer to potential weaknesses in the software that could be exploited by attackers to gain unauthorized access, steal data, or disrupt its functionality.

These vulnerabilities often arise from mistakes in coding, such as failing to properly validate user input or securely handle sensitive data. Common vulnerability types include injection flaws, where attackers can insert malicious code into the application, and cross-site scripting (XSS), which allows attackers to execute scripts in a user's browser. Other vulnerabilities include insecure authentication mechanisms, where passwords or tokens are not adequately protected, and insecure direct object references, which could allow unauthorized access to restricted resources.

Identifying and addressing these vulnerabilities during code review is essential to strengthen the security of the software and protect it from potential threats. By fixing these issues early in the development process, developers minimize the risk of security breaches and keep the software safe for its users.
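An added example, not taken from Typo's documentation: two of the issue types named above, an injection flaw and an insecure direct object reference, each shown in Python as the vulnerable form a review rule would flag beside its hardened form. The table, rows and user names are constructed for the demonstration.

```python
import sqlite3

# Constructed in-memory sample data (an assumption, not from the page).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
conn.executemany("INSERT INTO documents VALUES (?, ?, ?)",
                 [(1, "alice", "alice's notes"), (2, "bob", "bob's notes")])


def find_by_owner_vulnerable(owner):
    # Injection flaw: untrusted input is concatenated into the SQL text,
    # so a crafted value can change the meaning of the query.
    sql = f"SELECT id FROM documents WHERE owner = '{owner}' ORDER BY id"
    return [r[0] for r in conn.execute(sql).fetchall()]


def find_by_owner_fixed(owner):
    # Hardened: parameter binding keeps the input as data, never as SQL.
    sql = "SELECT id FROM documents WHERE owner = ? ORDER BY id"
    return [r[0] for r in conn.execute(sql, (owner,)).fetchall()]


def read_document_vulnerable(current_user, doc_id):
    # Insecure direct object reference: the id from the request is looked up
    # directly; current_user is never checked against the record's owner.
    row = conn.execute("SELECT body FROM documents WHERE id = ?", (doc_id,)).fetchone()
    return row[0] if row else None


def read_document_fixed(current_user, doc_id):
    # Hardened: the ownership check is part of the lookup itself, so a record
    # that does not belong to current_user is simply not found.
    row = conn.execute("SELECT body FROM documents WHERE id = ? AND owner = ?",
                       (doc_id, current_user)).fetchone()
    return row[0] if row else None
```

The vulnerable pair is what a vulnerability rule is meant to surface in review; the fixed pair is the shape of the change that resolves the finding.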

Managing rules for vulnerability-type issues

You can manage these rules from Settings > Code Health > Rules.

You can filter these pre-defined rules based on severity, language, and type. Additionally, you have the option to toggle individual rules on and off to mark them as active or inactive. Once deactivated, the respective issue will no longer be highlighted during subsequent reviews.