Product Documentation
Search…
Welcome To Reshift
Getting Started
Scan Your First Project
Signing Up Using GitHub
Signing Up Using Bitbucket
Signing Up Using GitLab
Scanning Maven Projects
Scanning Gradle Projects
Granting Reshift GitHub Organization Access After Signing up
Setting Projects Up Using NPM
Integrations
GitHub Actions [JavaScript]
GitHub Actions [Java]
Circle CI
Jenkins
GitLab
Analysis Engine
Java Security Rules
JavaScript Security Rules
Product Features
Code Review Workflow
Autofix
IDE plugins
IntelliJ IDE
Visual Studio Code
Reshift Security Model
Source Code Security in Reshift
User Authentication Mode in Reshift
Report Bundles and Call Graphs
User Data Flow
Common Questions and Answers
How do you ensure Reshift's own security?
How do I know my code is secure?
Why do you need access to my source code?
What permissions does reshift gain access to?
Can I try reshift without giving access to my source code?
Why do I need to sign up with GitHub, Bitbucket, or Gitlab?
Why might my scan be failing?
Can’t load code snippets?
Clean security report?
Account Settings
Permissions
Project Settings
Project Tokens
Security Gates
Reporting
Powered By
GitBook
Java Security Rules
Reshift Scans your custom Java code for security bugs, below are the security issues Reshift detects.
Security Issues
Severity
CWE
OWASP Top 10
PCI DSS
AWS Query Injection
Critical
943
A1
Code Execution
Critical
94
A1
Command Injection
Critical
78
A1
6.5.1
JSP Include Injection
Critical
917
A1
JSP Spring Eval
Critical
95
A1
SQL Injection
Critical
89
A1
6.5.1
XML External Entity Injection
Critical
611
A4
6.5.1
Reflected Cross-site Scripting
High
79
A7
DOM Cross-site Scripting
High
79
A7
Insecure Deserialization
High
502
A8
LDAP Injection
High
90
A1
6.5.1
Padding Oracle
High
463
A3
Path Tampering
High
73
Sensitive Data Exposure
High
798
A3
6.5.1
Stored Cross-site Scripting
High
79
A7
Template Injection
High
A1
6.5.1
Cross Site Request Forgery
Moderate
352
Denial of Service
Moderate
834
Insecure Crypto
Moderate
327
A3
Hardcoded Key
Moderate
321
A3
Header Injection
Moderate
20
A1
6.5.1
HTTP Parameter Pollution
Moderate
88
HTTP Response Splitting
Moderate
443
Information Leakage
Moderate
1230
A3
6.5.1
Insecure Data Storage
Moderate
922
A3
6.5.1
Insecure Logging
Moderate
312
A10
6.5.1
Parameter Tampering
Moderate
843
A5
RegEx Denial of Service
Moderate
400
RSA No Padding
Moderate
780
A3
Server Side Request Forgery
Moderate
918
Timing Attacks
Moderate
208
Unvalidated Redirect
Moderate
601
Using ECB Mode
Moderate
A3
Weak Hashing
Moderate
916
A3
XPath Injection
Moderate
643
A1
6.5.1
Integrations - Previous
GitLab
Next - Analysis Engine
JavaScript Security Rules
Last modified
1yr ago
Copy link