Skip to content
  • modules
  • reports
  • findings library

Findings Library

The Findings Library serves as a centralized repository for security findings in SPEAR. It provides structured storage for vulnerabilities, weaknesses, and strengths, along with sophisticated auto-mapping rules to automatically categorize imported findings.

Overview

Section titled “Overview”

The Findings Library enables teams to:

  • Maintain a consistent library of security findings
  • Standardize vulnerability descriptions and remediation guidance
  • Automatically map imported scan results to custom findings
  • Organize findings into logical categories
  • Track validation status and quality control

Vulnerabilities

Section titled “Vulnerabilities”
🖥️ Vulnerabilities List Interface Screenshot

Vulnerabilities represent specific security issues that can be exploited. They form the core of security assessments and reports.

Fields

Section titled “Fields”
FieldTypeDescription
TitleTextDescriptive name of the vulnerability
DescriptionRich TextDetailed technical description
ObservationRich TextWhat was observed during testing
Risk AssessmentRich TextImpact analysis and risk evaluation
RemediationRich TextSteps to fix the vulnerability
SeveritySelectCritical, High, Medium, Low, Informational
CVSS ScoreNumberCommon Vulnerability Scoring System (0.0-10.0)
CVSS VectorTextCVSS vector string for score calculation
CVE IDsArrayAssociated Common Vulnerabilities and Exposures
CWE IDsArrayAssociated Common Weakness Enumeration
CategoryRelationOrganizational category
ReferencesArrayExternal reference links
isPrebuiltBooleanSystem-provided vs. user-created

Validation Workflow

Section titled “Validation Workflow”

Vulnerabilities progress through validation states:

StateDescription
draftInitial state, finding created but not validated
validatedFinding reviewed and approved for use
rejectedFinding rejected, requires revision

Import Sources

Section titled “Import Sources”

SPEAR supports importing vulnerabilities from major security tools:

ToolFormatDescription
Burp SuiteXML, HTMLWeb application scanner results
NodeZeroCSVAutonomous penetration testing
NexposeXMLRapid7 vulnerability scanner
BloodHoundZIPActive Directory attack paths
NessusXMLTenable vulnerability scanner
NucleiJSONTemplate-based scanning
SPEAR FormatJSONStandardized import format

Routes

Section titled “Routes”
  • List: frontend/src/routes/console/reports/findings/vulnerabilities/+page.svelte
  • Detail: frontend/src/routes/console/reports/findings/vulnerabilities/[id]/+page.svelte

Weaknesses

Section titled “Weaknesses”
🖥️ Weaknesses Management Interface Screenshot

Weaknesses represent broader security issues that aren’t tied to specific exploitable vulnerabilities. They describe systemic problems or gaps in security controls.

Fields

Section titled “Fields”
FieldTypeDescription
TitleTextDescriptive name of the weakness
DescriptionRich TextDetailed description of the weakness
ImpactRich TextPotential business impact
RecommendationsRich TextSuggested improvements
CategoryRelationOrganizational category
SeveritySelectCritical, High, Medium, Low, Informational

Use Cases

Section titled “Use Cases”
  • Missing security controls (e.g., no MFA enforcement)
  • Process deficiencies (e.g., lack of patch management)
  • Configuration issues (e.g., default credentials policy)
  • Compliance gaps (e.g., missing audit logging)

Routes

Section titled “Routes”
  • List: frontend/src/routes/console/reports/findings/weaknesses/+page.svelte
  • Detail: frontend/src/routes/console/reports/findings/weaknesses/[id]/+page.svelte

Strengths

Section titled “Strengths”
🖥️ Strengths Interface Screenshot

Strengths represent positive security findings and good practices observed during assessments. They provide balanced reporting by highlighting what the organization does well.

Fields

Section titled “Fields”
FieldTypeDescription
TitleTextDescriptive name of the strength
DescriptionRich TextDetailed description
Value PropositionRich TextWhy this is beneficial
CategoryRelationOrganizational category

Use Cases

Section titled “Use Cases”
  • Effective security controls (e.g., robust input validation)
  • Good practices (e.g., regular security training)
  • Strong configurations (e.g., hardened server settings)
  • Mature processes (e.g., incident response procedures)

Routes

Section titled “Routes”
  • List: frontend/src/routes/console/reports/findings/strengths/+page.svelte
  • Detail: frontend/src/routes/console/reports/findings/strengths/[id]/+page.svelte

Categories

Section titled “Categories”

Categories organize findings into logical groups for easier management and reporting.

Default Categories

Section titled “Default Categories”
  • Web Application Security
  • Network Security
  • Infrastructure Security
  • Physical Security
  • Social Engineering
  • Mobile Application Security
  • Cloud Security
  • Identity and Access Management

Custom Categories

Section titled “Custom Categories”

Create custom categories to match your organization’s taxonomy:

  1. Navigate to Reports > Findings > Categories
  2. Click New Category
  3. Enter name and optional description
  4. Assign color for visual identification

Routes

Section titled “Routes”
  • Management: frontend/src/routes/console/reports/findings/categories/+page.svelte

Auto-Mapping Rules

Section titled “Auto-Mapping Rules”
🖥️ Auto-Mapping Rules Configuration Screenshot

Auto-mapping rules automatically map imported vulnerabilities from scanning tools to your custom findings library. This ensures consistency and saves time when processing large scan results.

How It Works

Section titled “How It Works”
  1. Vulnerabilities are imported from external tools
  2. Auto-mapping rules evaluate each imported finding
  3. Matching rules link imported findings to library entries
  4. Mapped findings inherit standardized descriptions and remediation

Match Criteria

Section titled “Match Criteria”

Rules can match on multiple criteria:

CriterionMatch TypeDescription
TitleFuzzy/ExactMatch vulnerability title patterns
CVE IDExactMatch specific CVE identifiers
CWE IDExactMatch CWE identifiers
SeverityExactMatch severity level
CategoryExactMatch finding category
Source ToolExactMatch import source

Rule Priority

Section titled “Rule Priority”

Rules are evaluated in priority order (lower number = higher priority). The first matching rule wins.

Creating Rules

Section titled “Creating Rules”
  1. Navigate to Reports > Findings > Auto-Mapping
  2. Click New Rule
  3. Configure match criteria:
    • Set title pattern (supports wildcards)
    • Add CVE/CWE filters
    • Select severity constraints
  4. Select target finding from library
  5. Set priority (default: 100)
  6. Test rule against sample data
  7. Save and activate

Testing Rules

Section titled “Testing Rules”

Before activating, test rules against existing imported data:

  1. Click Test Rule on the rule editor
  2. Review matched findings
  3. Verify false positive rate
  4. Adjust criteria as needed

Implementation Reference

Section titled “Implementation Reference”
  • Page: frontend/src/routes/console/reports/findings/auto-mapping/+page.svelte
  • Service: frontend/src/lib/services/mapping-rules.service.ts

Findings Review

Section titled “Findings Review”
🖥️ Findings Review Workflow Screenshot

The review workflow provides bulk validation capabilities for quality control.

Review Process

Section titled “Review Process”
  1. Navigate to Reports > Findings > Review
  2. Filter by status (draft, pending review)
  3. Select findings for bulk review
  4. Apply validation decision:
    • Approve - Mark as validated
    • Reject - Mark for revision
    • Request Changes - Add notes and return to author

Bulk Operations

Section titled “Bulk Operations”
  • Select multiple findings with checkboxes
  • Apply same validation status to all selected
  • Add shared validation notes
  • Assign to reviewer

Routes

Section titled “Routes”
  • Review: frontend/src/routes/console/reports/findings/review/+page.svelte

Integration with Reports

Section titled “Integration with Reports”

Inserting Findings

Section titled “Inserting Findings”

Findings from the library can be inserted into reports:

  1. Open report section editor
  2. Access findings picker (toolbar button)
  3. Search or browse library
  4. Select finding(s) to insert
  5. Content populates in editor

Linked vs. Copied

Section titled “Linked vs. Copied”
  • Linked - Changes to library finding update report
  • Copied - Finding content copied, no ongoing link

Findings Sections

Section titled “Findings Sections”

Report templates can include dedicated findings sections that:

  • Display findings table with severity breakdown
  • Auto-populate from mapped operations data
  • Support custom grouping and sorting

Best Practices

Section titled “Best Practices”

Maintain Consistent Naming

Section titled “Maintain Consistent Naming”

Use clear, consistent naming conventions for findings:

  • Start with the issue type (e.g., “SQL Injection in…”)
  • Include affected component or location
  • Avoid overly generic titles

Write Actionable Remediation

Section titled “Write Actionable Remediation”

Remediation guidance should be:

  • Specific and actionable
  • Include code examples where appropriate
  • Reference best practices and standards
  • Provide verification steps

Use Categories Effectively

Section titled “Use Categories Effectively”
  • Group related findings logically
  • Don’t create overly granular categories
  • Review and consolidate periodically

Tune Auto-Mapping Rules

Section titled “Tune Auto-Mapping Rules”
  • Start with high-confidence exact matches
  • Add fuzzy matches for known variations
  • Monitor false positive/negative rates
  • Refine rules based on import results

Technical References

Section titled “Technical References”
ComponentLocation
Findings routesfrontend/src/routes/console/reports/findings/
Auto-mapping pagefrontend/src/routes/console/reports/findings/auto-mapping/+page.svelte
Mapping rules servicefrontend/src/lib/services/mapping-rules.service.ts
Backend findings APIbackend/api/findings/