Cyver Core offers a JSON importer for AppCheck vulnerability scanning results. To use it, simply export your AppCheck findings as a JSON file and import them directly into Cyver Core from the Import Findings tab. The importer supports the standard format provided by AppCheck.
Cyver Core also supports automation of AppCheck imports via API, allowing you to streamline your workflow and ensure findings are continuously updated across your projects.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated | |
| Title | { "title": "Sensitive file/component published: .env" } | |
| Type | Vulnerability Observation | |
| Assets | { "web_app": "https://amazon.tribepad-gro.com" } | |
| Description | { "description": "A known sensitive file was found to be published within a publicly accessible web directory. Depending on the file it could disclose sensitive data such as user credentials and configuration data." } | |
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info | |
| CVSS20Score | { "cvss_score": 7.8, } | |
| CVSS20Vector | { "cvss_vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N" } | |
| CVSS30Score | { "cvss_v3_base_score": 7.5, } | |
| CVSS30Vector | { "cvss_v3_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } | |
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | { "cvss_v4_base_score": 0.0, } | |
| CVSS40Vector | { "cvss_v4_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" } | |
| Impact | 0 1 2 3 4 5 default: 0 | { "impact": "4.0-high" } |
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 | { "probability": "4.0-high" } |
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion | |
| CWEList | for example: CWE-1; CWE-721 | |
| CVEList | for example: CVE-1; CVE-721 | |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | ||
| Recommendation | { "solution": "Remove or restrict access to the file." } | |
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft | |
| Evidence Title | { "target": "/.env" } | |
| Evidence Location | { "attack": "https://amazon.tribepad-gro.com/.env" } | |
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).