Findings & Severity
Understanding Assay's review findings and severity levels
Assay provides structured findings with clear severity levels and categorization to help you prioritize fixes.
Severity Levels
CRITICAL
Must fix before merge. These findings indicate:
- Exploitable security vulnerabilities
- Data loss or corruption risks
- Authentication/authorization bypass
- Potential for widespread outages
CRITICAL findings block merge in most CI workflows.
HIGH
Should fix before merge. These findings indicate:
- Significant correctness issues
- Security concerns likely to affect users
- Major performance degradation
- Breaking changes without migration path
MEDIUM
Recommended to fix. These findings indicate:
- Meaningful defects with limited scope
- Potential future issues
- Suboptimal implementations
- Missing edge case handling
LOW
Optional to fix. These findings indicate:
- Maintainability concerns
- Style inconsistencies
- Minor code quality issues
- No immediate user impact
INFO
Observations only. These findings indicate:
- Suggestions for improvement
- Alternative approaches to consider
- Educational notes
- Documentation opportunities
Finding Types
Each finding is categorized by type:
| Type | Icon | Description |
|---|---|---|
| BUG | Bug icon | Logic errors, incorrect behavior |
| SECURITY | Lock icon | Vulnerabilities, unsafe patterns |
| PERFORMANCE | Lightning icon | Inefficient code, resource issues |
| QUALITY | Sparkle icon | Code quality, best practices |
| BREAKING_CHANGE | Explosion icon | API/behavior changes |
| LOGIC | Brain icon | Algorithmic issues |
| DOCUMENTATION | Document icon | Missing/incorrect docs |
| SUGGESTION | Lightbulb icon | Improvements, refactoring |
Finding Structure
Every finding includes:
```text
[TYPE] SEVERITY
File: path/to/file.ts:line-range
Title
Detailed description explaining the issue, why it matters,
and the potential impact.
Suggested Fix: Concrete recommendation for how to resolve
the issue, often including code examples.
```
Example Findings
Security Finding
```text
SECURITY | CRITICAL
File: src/api/users.ts:45-48
SQL Injection in User Query
User-supplied input is concatenated directly into the SQL
query without parameterization. An attacker could execute
arbitrary SQL commands.
Suggested Fix: Use parameterized queries:
db.query('SELECT * FROM users WHERE id = $1', [userId])
```
Performance Finding
```text
PERFORMANCE | MEDIUM
File: src/services/orders.ts:120-135
N+1 Query in Order Processing
Each order item triggers a separate database query inside
the loop. For 100 items, this results in 100 queries.
Suggested Fix: Batch fetch all items with a single query
using WHERE id IN (...) before the loop.
```
Quality Finding
```text
QUALITY | LOW
File: src/utils/helpers.ts:22
Unused Variable
The variable 'tempResult' is assigned but never used.
Suggested Fix: Remove the unused variable or use it in
the subsequent logic.
```
Filtering Findings
In the dashboard review detail page, you can:
- Group by severity - See all CRITICAL first
- Filter by type - Show only SECURITY findings
- Expand/collapse - View details as needed
- Copy report - Export findings as markdown
CI Integration
Assay sets the GitHub commit status based on the highest-severity finding in the review:
| Highest Severity | Status | Merge Blocked |
|---|---|---|
| CRITICAL | Failure | Yes |
| HIGH | Failure | Yes (configurable) |
| MEDIUM | Success | No |
| LOW | Success | No |
| INFO | Success | No |
Configure blocking behavior in Repository Settings.
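As an added illustration (not Assay's own code), the following TypeScript parses findings in the text layout shown under Finding Structure and applies the severity-to-status mapping from the CI Integration table above; the `blockOnHigh` flag stands in for the repository setting and is an assumption, as are all function names.

```typescript
type Severity = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "INFO";
const SEVERITY_ORDER: Severity[] = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]; // highest first

interface Finding {
  type: string;       // e.g. SECURITY, PERFORMANCE, BREAKING_CHANGE
  severity: Severity;
  file: string;
  startLine: number;
  endLine: number;
  title: string;
}

// Parse one finding block: "TYPE | SEVERITY", then "File: path:start-end" (or "path:line"), then the title.
function parseFinding(block: string): Finding {
  const lines = block.trim().split("\n").map((l) => l.trim());
  const header = /^(\w+)\s*\|\s*(CRITICAL|HIGH|MEDIUM|LOW|INFO)$/.exec(lines[0] || "");
  const loc = /^File:\s*(.+?):(\d+)(?:-(\d+))?$/.exec(lines[1] || "");
  if (!header || !loc || !lines[2]) throw new Error("malformed finding: " + block);
  return {
    type: header[1],
    severity: header[2] as Severity,
    file: loc[1],
    startLine: Number(loc[2]),
    endLine: loc[3] !== undefined ? Number(loc[3]) : Number(loc[2]), // single-line finding has no range
    title: lines[2],
  };
}

// Highest severity present, or undefined when the review produced no findings.
function highestSeverity(findings: Finding[]): Severity | undefined {
  for (const s of SEVERITY_ORDER) {
    if (findings.some((f) => f.severity === s)) return s;
  }
  return undefined;
}

// Commit status per the CI Integration table: CRITICAL and HIGH both report "failure",
// CRITICAL always blocks merge, HIGH blocks only when the (assumed) blockOnHigh setting is on.
function commitStatus(findings: Finding[], blockOnHigh = true) {
  const top = highestSeverity(findings);
  const status: "failure" | "success" = top === "CRITICAL" || top === "HIGH" ? "failure" : "success";
  const mergeBlocked = top === "CRITICAL" || (top === "HIGH" && blockOnHigh);
  return { status, mergeBlocked };
}

// Constructed sample input: the three example findings shown on this page.
const SAMPLE_FINDINGS: Finding[] = [
  "SECURITY | CRITICAL\nFile: src/api/users.ts:45-48\nSQL Injection in User Query",
  "PERFORMANCE | MEDIUM\nFile: src/services/orders.ts:120-135\nN+1 Query in Order Processing",
  "QUALITY | LOW\nFile: src/utils/helpers.ts:22\nUnused Variable",
].map(parseFinding);
```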