


  • All issues that are identified by GuardRails engines are called findings. Only enabled rules qualify as a Vulnerability candidate.


Each Vulnerability will go through our expert system to determine if it's a false positive or not. More information on how to report false positives can be found here.

False Positives

  • A false positive is when a security issue was wrongly identified. We aim for zero false positives in GuardRails results.


  • A pull request (PR) is a term used by GitHub and Bitbucket. Read more about it here. A PR is synonymous with a Merge Request (MR) in GitLab terminology.


  • A secret is any of the following: API keys, cryptographic keys (e.g. private keys), or passwords.


  • A Regular Expression is a sequence of characters that defines a search pattern.