Every scan produces findings with evidence, severity, and remediation guidance. SecAlly posts findings directly to GitHub (as PR review comments for PR scans, and issue comments for full scans).
Severity levels
SecAlly follows CVSS scoring.

- Critical: Immediate risk to sensitive data or authentication.
- High: Serious weakness that can be exploited with moderate effort.
- Medium: Security gaps that should be addressed in the next sprint.
- Low: Best-practice improvements and hardening.
What a finding includes
Findings include (when available):

- A short title and detailed description
- CVSS severity and vectors
- Evidence snippets with file paths and line ranges
- OWASP Mobile Top 10 and CWE mappings with links to more details
Triage workflow
- Validate the finding (confirm the code path and impact in your context).
- Prioritize using severity and impact.
- Track work using your existing GitHub workflow (labels, assignees, linked issues, or tickets).
- Fix and verify with a follow-up PR scan (and optionally a full scan before release).