- All issues that are identified by GuardRails engines are called findings. Only enabled rules qualify as a Vulnerability candidate.
Each Vulnerability will go through our expert system to determine if it's a false positive or not. More information on how to report false positives can be found here.
- A false positive is when a security issue was wrongly identified. We aim for zero false positives in GuardRails results.
- A pull request (PR) is a term from GitHub. Read more about it here. A PR is synonymous with a Merge Request (MR) in GitLab lingo.
- A secret is any of the following: API keys, cryptographic keys (e.g. private keys), or passwords.
- A Regular Expression is a sequence of characters that defines a search pattern.