Managing Findings

Findings are secrets or potential secrets detected by Azath. Each finding is classified by severity and tracked through its lifecycle.


Severity Levels

CRITICAL

Active credentials with direct system access. Examples: AWS root keys, database URLs with passwords, payment keys. Rotate immediately.

HIGH

Service credentials and API keys with significant access. Examples: OAuth tokens, service account keys, private keys.

MEDIUM

Limited-scope credentials or potential secrets requiring investigation. Examples: internal tokens, webhook secrets, configuration keys.

LOW

Low-risk patterns that may be false positives. Examples: placeholder values, test credentials, public tokens.

INFO

Informational findings that may warrant review. Examples: high-entropy strings, suspicious variable names.

Finding Statuses

  • Open — detected and not yet addressed
  • Resolved — credential rotated or removed from codebase
  • False Positive — confirmed not a real secret
  • Ignored — acknowledged but deliberately not acted on

Remediating Findings

When you find a real secret:

  1. Rotate the credential immediately in the provider dashboard
  2. Remove it from your codebase and git history (git filter-repo or BFG)
  3. Move the secret to a secrets manager or environment variables
  4. Mark the finding as Resolved in the dashboard
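
A check for step 2, added here as an example and not part of the Azath documentation: deleting the file in a new commit leaves the value recoverable from history, which is what the history rewrite addresses. The function names, DEMO_SECRET, and settings.conf are hypothetical, and the repository is a throwaway built by the script itself.

```shell
#!/usr/bin/env bash
# Added example: is a leaked value still recoverable from git history?
DEMO_SECRET='constructed-demo-password-0000'   # constructed sample, not a real credential

# Exit 0 if any commit reachable from any ref added or removed VALUE.
secret_in_history() {
    local repo value hits
    repo=$1; value=$2
    # -S (pickaxe) lists commits that change how often the literal string occurs.
    hits=$(git -C "$repo" log --all --oneline -S"$value") || return 2
    [ -n "$hits" ]
}

# Exit 0 if VALUE is present in a tracked file of the current checkout.
secret_in_worktree() {
    local repo value
    repo=$1; value=$2
    git -C "$repo" grep -q -F -e "$value"
}

# Build a throwaway repo: commit the secret, then delete the file in a second commit.
make_demo_repo() {
    local repo
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q
    printf 'DB_URL=postgres://app:%s@db.example.invalid/app\n' "$DEMO_SECRET" \
        > "$repo/settings.conf"
    git -C "$repo" add settings.conf
    git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q -m 'add settings'
    git -C "$repo" rm -q settings.conf
    git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q -m 'remove settings'
    printf '%s\n' "$repo"
}

repo=$(make_demo_repo)
secret_in_worktree "$repo" "$DEMO_SECRET" || echo "working tree: clean"
secret_in_history "$repo" "$DEMO_SECRET" && echo "history: still present, rewrite needed"
rm -rf "$repo"
```

Run secret_in_history again after rewriting with git filter-repo or BFG; it should then exit non-zero. It inspects only this clone's refs, so other clones and forks may still hold the value, which is why rotation is step 1.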

AI Verification

Findings with AI analysis include a confidence score (0–100). High-confidence findings are very likely real secrets. Low-confidence findings warrant manual review before marking as false positives.