[{"data":1,"prerenderedAt":525},["ShallowReactive",2],{"blog-getting-started/understanding-results":3},{"id":4,"title":5,"body":6,"category":501,"date":502,"dateModified":502,"description":503,"draft":504,"extension":505,"faq":506,"featured":504,"headerVariant":510,"image":511,"keywords":511,"meta":512,"navigation":513,"ogDescription":514,"ogTitle":511,"path":515,"readTime":516,"schemaOrg":517,"schemaType":518,"seo":519,"sitemap":520,"stem":521,"tags":522,"twitterCard":523,"__hash__":524},"blog/blog/getting-started/understanding-results.md","Understanding Your Security Scan Results",{"type":7,"value":8,"toc":481},"minimark",[9,13,19,32,37,40,68,72,77,80,86,91,105,109,112,117,121,135,139,142,147,151,165,169,172,177,181,195,199,204,207,213,219,223,226,231,242,246,254,259,267,271,323,332,336,339,372,375,403,425,437,449,452,469],[10,11,12],"p",{},"~\nYou'll understand this in 8 minutes",[14,15,16],"tldr",{},[10,17,18],{},"Scan results are organized by severity: Critical (fix immediately), High (fix today), Medium (fix this week), Low (ongoing improvement). Each finding shows what's wrong, why it matters, and how to fix it. Start with Critical issues, especially exposed secrets and missing database security. Re-scan after fixes to verify.",[20,21,22,29],"definition-box",{},[10,23,24,28],{},[25,26,27],"strong",{},"CheckYourVibe defines security severity levels"," as a prioritization framework that helps you focus on what matters most. Critical issues can be exploited right now with serious consequences. High severity issues are exploitable but require more effort. Medium issues represent real risks that should be addressed. Low severity findings are best practices and hardening recommendations.",[10,30,31],{},"This severity framework aligns with industry standards and is calibrated for vibe-coded applications.",[33,34,36],"h2",{"id":35},"reading-your-results-dashboard","Reading Your Results Dashboard",[10,38,39],{},"After your scan completes, you'll see a dashboard summarizing all findings. The most important sections are:",[41,42,43,50,56,62],"ul",{},[44,45,46,49],"li",{},[25,47,48],{},"Summary Score:"," An overall security rating for quick assessment",[44,51,52,55],{},[25,53,54],{},"Issue Breakdown:"," Count of issues by severity level",[44,57,58,61],{},[25,59,60],{},"Issue List:"," Detailed findings with explanations and fixes",[44,63,64,67],{},[25,65,66],{},"Trend:"," How your security has changed over time (for repeat scans)",[33,69,71],{"id":70},"severity-levels-explained","Severity Levels Explained",[73,74,76],"h3",{"id":75},"critical-severity","Critical Severity",[10,78,79],{},"These issues can be exploited right now with serious consequences. Someone scanning the internet could find and abuse these within hours.",[10,81,82,85],{},[25,83,84],{},"Fix timeline:"," Immediately (within minutes)",[10,87,88],{},[25,89,90],{},"Common examples:",[41,92,93,96,99,102],{},[44,94,95],{},"API keys exposed in frontend code or committed to git",[44,97,98],{},"Database without Row Level Security (anyone can read all data)",[44,100,101],{},"Authentication completely bypassable",[44,103,104],{},"Admin panels accessible without login",[73,106,108],{"id":107},"high-severity","High Severity",[10,110,111],{},"Serious vulnerabilities that could lead to data breaches or system compromise. These require some skill to exploit but are well-known attack patterns.",[10,113,114,116],{},[25,115,84],{}," Within 24 hours",[10,118,119],{},[25,120,90],{},[41,122,123,126,129,132],{},[44,124,125],{},"SQL injection vulnerabilities",[44,127,128],{},"Cross-site scripting (XSS) in user inputs",[44,130,131],{},"Weak or missing authentication on sensitive endpoints",[44,133,134],{},"Insecure direct object references (IDOR)",[73,136,138],{"id":137},"medium-severity","Medium Severity",[10,140,141],{},"Security weaknesses that don't immediately lead to compromise but weaken your overall security posture. Often configuration issues.",[10,143,144,146],{},[25,145,84],{}," Within a week",[10,148,149],{},[25,150,90],{},[41,152,153,156,159,162],{},[44,154,155],{},"Missing security headers (CSP, HSTS)",[44,157,158],{},"Overly permissive CORS settings",[44,160,161],{},"Weak session configuration",[44,163,164],{},"Missing rate limiting on sensitive endpoints",[73,166,168],{"id":167},"low-severity","Low Severity",[10,170,171],{},"Best practice recommendations that improve security but aren't urgent. These are the \"nice to have\" items.",[10,173,174,176],{},[25,175,84],{}," When convenient",[10,178,179],{},[25,180,90],{},[41,182,183,186,189,192],{},[44,184,185],{},"Verbose error messages in production",[44,187,188],{},"Missing subresource integrity on CDN scripts",[44,190,191],{},"Outdated (but not vulnerable) dependencies",[44,193,194],{},"Suboptimal cookie settings",[33,196,198],{"id":197},"common-findings-and-what-they-mean","Common Findings and What They Mean",[200,201,203],"h4",{"id":202},"exposed-api-key-in-frontend","Exposed API Key in Frontend",[10,205,206],{},"const stripe = Stripe('sk_live_xxxx...');",[10,208,209,212],{},[25,210,211],{},"What it means:"," Your secret Stripe key is visible to anyone viewing your website's source code. Attackers can use this to make charges, access customer data, or cause financial damage.",[10,214,215,218],{},[25,216,217],{},"How to fix:"," Move the key to a server-side environment variable and never expose secret keys to the frontend.",[200,220,222],{"id":221},"missing-row-level-security","Missing Row Level Security",[10,224,225],{},"// Supabase table 'users' has RLS disabled",[10,227,228,230],{},[25,229,211],{}," Anyone with your Supabase URL and anon key (both are public) can read, update, or delete all data in this table.",[10,232,233,235,236,241],{},[25,234,217],{}," Enable RLS and create policies that restrict access. See our ",[237,238,240],"a",{"href":239},"/blog/how-to/setup-supabase-rls","Supabase RLS guide",".",[200,243,245],{"id":244},"sql-injection-in-query","SQL Injection in Query",[10,247,248,249,253],{},"db.query(",[250,251,252],"code",{},"SELECT * FROM users WHERE id = ${userId}",");",[10,255,256,258],{},[25,257,211],{}," User input is directly inserted into the SQL query. Attackers can manipulate this to access unauthorized data or destroy your database.",[10,260,261,263,264],{},[25,262,217],{}," Use parameterized queries: ",[250,265,266],{},"db.query('SELECT * FROM users WHERE id = $1', [userId])",[33,268,270],{"id":269},"prioritizing-your-fixes","Prioritizing Your Fixes",[272,273,274,287],"table",{},[275,276,277],"thead",{},[278,279,280,284],"tr",{},[281,282,283],"th",{},"If You Have",[281,285,286],{},"Priority Action",[288,289,290,299,307,315],"tbody",{},[278,291,292,296],{},[293,294,295],"td",{},"Critical issues",[293,297,298],{},"Stop everything and fix these now. They're actively exploitable.",[278,300,301,304],{},[293,302,303],{},"Only High issues",[293,305,306],{},"Address today before continuing development.",[278,308,309,312],{},[293,310,311],{},"Only Medium/Low",[293,313,314],{},"You're in reasonable shape. Fix Medium issues before launch.",[278,316,317,320],{},[293,318,319],{},"No issues",[293,321,322],{},"Great! Set up regular scans to maintain this.",[324,325,326],"tip-box",{},[10,327,328,331],{},[25,329,330],{},"After fixing issues:"," Run another scan to verify your fixes worked. It's common for fixes to be incomplete or to accidentally introduce new issues.",[33,333,335],{"id":334},"what-if-i-dont-understand-a-finding","What If I Don't Understand a Finding?",[10,337,338],{},"Each finding in your results includes:",[340,341,342,348,354,360,366],"ol",{},[44,343,344,347],{},[25,345,346],{},"Description:"," What the issue is in plain English",[44,349,350,353],{},[25,351,352],{},"Impact:"," What could happen if exploited",[44,355,356,359],{},[25,357,358],{},"Location:"," Exactly where in your code the issue exists",[44,361,362,365],{},[25,363,364],{},"Fix guidance:"," Step-by-step instructions to resolve it",[44,367,368,371],{},[25,369,370],{},"Learn more:"," Links to detailed tutorials",[10,373,374],{},"If you're still unsure, search our blog for the issue type. We have detailed guides for every common vulnerability.",[376,377,378,385,391,397],"faq-section",{},[379,380,382],"faq-item",{"question":381},"What does Critical severity mean?",[10,383,384],{},"Critical severity means the issue can be exploited right now with serious consequences. Examples include exposed API keys, missing database security, and authentication bypass. These need to be fixed immediately, ideally within minutes of discovery.",[379,386,388],{"question":387},"Should I fix all issues before launching?",[10,389,390],{},"At minimum, fix all Critical and High severity issues before launching. Medium issues should be fixed soon after. Low severity issues are best practices that improve security but aren't urgent. Prioritize based on impact and likelihood of exploitation.",[379,392,394],{"question":393},"What if I get a false positive?",[10,395,396],{},"False positives can happen. If you're confident a finding is incorrect, you can mark it as a false positive in your dashboard. However, it's worth double-checking first. Sometimes what looks like a false positive is actually a real issue that's not immediately obvious.",[379,398,400],{"question":399},"Why did my score change after fixing issues?",[10,401,402],{},"Your security score updates based on the current state of your codebase. Fixing issues improves your score. However, the score can also decrease if you introduce new vulnerabilities or if new types of checks are added to the scanner.",[404,405,407,411],"step",{"number":406},"1",[33,408,410],{"id":409},"where-to-go-next","Where to Go Next",[404,412,413],{"number":406},[404,414,415,418,422],{"number":406},[10,416,417],{},"Start Fixing",[73,419,421],{"id":420},"_5-minute-quick-wins","5-Minute Quick Wins",[10,423,424],{},"Easy fixes you can implement immediately based on your results.",[404,426,427,430,434],{"number":406},[10,428,429],{},"Critical Issue",[73,431,433],{"id":432},"how-to-secure-api-keys","How to Secure API Keys",[10,435,436],{},"Step-by-step guide to fixing exposed secrets.",[404,438,439,442,446],{"number":406},[10,440,441],{},"Reference",[73,443,445],{"id":444},"security-glossary","Security Glossary",[10,447,448],{},"Don't understand a term in your results? Look it up here.",[10,450,451],{},"::\n::",[453,454,455,461,465],"related-articles",{},[456,457],"related-card",{"description":458,"href":459,"title":460},"Fast fixes for common issues","/blog/getting-started/quick-wins","5-Minute Security Quick Wins",[456,462],{"description":463,"href":464,"title":433},"Fix the #1 critical issue","/blog/how-to/secure-api-keys",[456,466],{"description":467,"href":239,"title":468},"Fix database security issues","How to Set Up Supabase RLS",[470,471,474,478],"cta-box",{"href":472,"label":473},"/","Run New Scan",[33,475,477],{"id":476},"need-a-fresh-scan","Need a Fresh Scan?",[10,479,480],{},"Re-scan after making changes to verify your fixes worked.",{"title":482,"searchDepth":483,"depth":483,"links":484},"",2,[485,486,493,494,495,496,500],{"id":35,"depth":483,"text":36},{"id":70,"depth":483,"text":71,"children":487},[488,490,491,492],{"id":75,"depth":489,"text":76},3,{"id":107,"depth":489,"text":108},{"id":137,"depth":489,"text":138},{"id":167,"depth":489,"text":168},{"id":197,"depth":483,"text":198},{"id":269,"depth":483,"text":270},{"id":334,"depth":483,"text":335},{"id":409,"depth":483,"text":410,"children":497},[498,499],{"id":432,"depth":489,"text":433},{"id":444,"depth":489,"text":445},{"id":476,"depth":483,"text":477},"getting-started","2026-01-09","Learn how to interpret your security scan results. Understand severity levels, prioritize fixes, and take action on each finding in your vibe-coded app.",false,"md",[507,508,509],{"question":381,"answer":384},{"question":387,"answer":390},{"question":393,"answer":396},"green",null,{},true,"Learn how to interpret security scan results and prioritize fixes.","/blog/getting-started/understanding-results","8 min read","[object Object]","BlogPosting",{"title":5,"description":503},{"loc":515},"blog/getting-started/understanding-results",[],"summary_large_image","KQTh_zQ_2CmAscyV412cgYIt1YUJwMkcX_fDZsOauZY",1775843921715]