---
title: "AST Issues Overview"
slug: "ast-issues-overview"
description: "Understand how Traceable displays and organizes API security issues detected through scans. Learn how to use the Issues page to prioritize vulnerabilities, view severity trends, and manage risk across your API ecosystem."
updated: 2025-12-23T09:53:46Z
published: 2025-12-23T09:53:46Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt
> Use this file to discover all available pages before exploring further.

# AST Issues Overview

##### Updates (October 2025 to December 2025)

- *October 2025* — Updated the page to add information about issues detected in scans created using AI Scan Policies (Beta).

The **Issues**page serves as your central command center for monitoring API risks that Traceable has identified using the security testing scans. If you are responsible for the organization’s API security and want to view issues identified via AST scans, you log into Traceable and head over to the **Testing** → **Issues** page. This page serves as a hub where all potential vulnerabilities and risky patterns are identified through scans.

![Issues](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_ast_issues_overview.png)

Issues

## What will you Learn in this Topic?

By the end of this topic, you will understand:

- What **Issues** are, and how Traceable detects and displays them.
- The **key components** such as:
  - Visual charts for severity and status trends
  - Issue listings with column-level information
  - Grouping and Filtering options to organize and prioritize issues effectively

If you already have an understanding of these components and want to learn how you can drill down and manage an issue, see [Issue Management](/docs/ast-issue-management).

---

## What are Issues and how does Traceable Identify Them?

Issues are security gaps in your API definition that threat actors may exploit to attack your API infrastructure. Traceable identifies assets or API endpoints (including AI endpoints) and services in your environment through the [discovery process](/docs/api-discovery) in the Discovery module. Once identified, you can set up AST scans, and based on the policy you select, Traceable detects issues and shows them on the **Issues** page. For information on setting up a scan and policy, see [Creating a Scan](/docs/creating-scan) and [Policies](/docs/ast-policies), respectively.

> [!NOTE]
> Note
> 
> Traceable does not scan APIs for issues while they are in the learning phase.

---

## How is the Issues Page Helpful?

The **Issues** page provides a streamlined and intuitive experience to help you view issues, understand them in depth, conduct a risk assessment, and resolve them quickly. Even when you resolve an issue, Traceable continuously monitors the API endpoints as part of the scan. For more information, see [Journey of an Issue](/docs/ast-issues-overview#journey-of-an-issue).

Whether you are a security engineer, developer, or DevOps lead, Traceable gives you the visibility and control to secure your APIs effectively.

---

## Understanding Issues

The **Issues** page is a centralized hub for visualizing all vulnerabilities detected in **External**and **Internal APIs** tested as part of the AST scans. It provides a comprehensive overview of open issues, including their severity and key details such as the last time they were seen. This dashboard provides a clear snapshot of the system’s security risks identified during API Security Testing, helping you investigate and prioritize their resolution efficiently. To view the Issues page, navigate to **Testing** → **I****ssues**.

For information on how to drill down into an issue, manage its status, remediate it, and the rules around resolution and deletion, see [Issue Management](/docs/ast-issue-management).

### Issue Severity

Traceable categorizes detected issues based on their criticality and impact on your application ecosystem. The following are the categories in descending order of severity:

- **Critical** — Represents issues that pose the highest risk and require immediate remediation to prevent significant security breaches.
- **High** — Represents issues that may expose sensitive data or compromise system integrity if not addressed promptly.
- **Medium** — Represents moderate risks that may not be immediately exploitable but can still weaken security over time.
- **Low** — Represents minor issues with limited impact, and are often resolved during routine maintenance.
- **Informational** — Represents issues that do not pose a security risk, but provide context, such as configuration details, exposed metadata, and usage patterns.

### Key Components

The page contains key components that help you quickly assess and understand issues. Below are the main elements of the page and their significance:

![Issues Key Components](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_ast_issues_overview_key_components.png)

Issues Key Components

#### Visual Insights

At the top of the page, Traceable shows the following charts:

| Chart | Description |
| --- | --- |
| **Issues by Severity** | Shows the count of issues by severity (Severity Breakdown). You can click on the severity to filter the results based on your selection. |
| **Issues by Status** | Shows a trend of the open and resolved issues over the past 30 days. |

Collectively, the above charts provide an overview of your application’s security health and trends, based on which you can take the necessary actions.

#### **Issue Listings**

Each entry on the page represents a unique issue, when grouped by **Issue Name** (default), with each column providing the following details. If you wish to drill down into an issue and manage it individually according to your requirements, see [Navigating the Issues Flow](/docs/ast-issue-management#navigating-the-issues-flow).

| Column | Description |
| --- | --- |
| **Issue Name** | Specifies the issue's name, such as *Broken Object Level Authorization*. This name is used across the Traceable platform for identification purposes. |
| **Asset** | Specifies the asset (API, including AI APIs), for example, `PUT /identity/api/v2/user/videos/{video_id}` where Traceable observed the issue. This helps you focus on which parts of the infrastructure are targeted and may require additional security. |
| **Severity** | Each issue is categorized by color-coded labels, for example, Low, Medium, High, Critical, and Informational, allowing you to gauge its impact and urgency. This is helpful as it provides a way to prioritize issue resolution based on risk, focusing on high-severity issues that may require immediate attention, while lower-severity issues can be addressed as part of routine maintenance. |
| **Source** | Displays information about the origin of the issue, here AST. |
| **OWASP Classification** | Specifies the mapping to the OWASP security risks. This helps you understand and prioritize issues based on their global recognition. |
| **Last Seen** | Specifies the most recent occurrence of the issue. This helps you determine whether the issue is still active, has reappeared, or is no longer a threat. |
| **Status** | Displays the current status of the issue. This serves as a communication medium to indicate whether or not an issue requires prioritization. For more information on the available statuses, see [Issue Management](/docs/ast-issue-management). |
| **Integrations** | Displays the Jira icon. This helps you track an issue by creating a Jira ticket directly from the Traceable platform. > [!NOTE] > Note > > This icon is enabled only when you configure the Jira integration. For more information, see [Jira integration](/docs/jira). |
| **Actions** | Enables you to re-test the issue. Upon clicking, Traceable shows a pop-up window where you can run a scan using the terminal or the platform. |

#### Grouping, Filtering, and Additional Options

While Traceable groups the issues on the page based on their name, you can filter and group issues based on several criteria:

##### Group By

| Category | Description |
| --- | --- |
| **Issue Name** | Groups issues based on the specific issue. This helps you understand how widespread an issue is across environments and focus on resolving the most recurring issues. |
| **Category** | Groups issues based on broader classifications such as Authentication, Authorization, or JSON Web Token. This helps you analyze the issues from a broader level, as to which issues are most common across the system. |
| **OWASP API Top 10** | Groups issues based on their mapping in OWASP API Top 10 categories. This helps you align your analysis based on the recognized industry standards. |
| **Asset** | Groups issues based on the assets (endpoints) in which they were detected. This helps you analyze the risk exposure for endpoints and prioritize resolution based on them. |
| **Owner** | Groups issues based on the assigned owner of the API. This helps you direct these issues to the right individual or team for faster and effective resolution. For more information on ownership and its assignment, see A[PI Ownership](/docs/api-ownership). |
| **Label** | Groups issues based on the labels assigned to APIs. This helps you assess and prioritize issues by business function, risk, or internal tagging conventions. |
| **Domain** | Groups issues based on the domain of the API where the issue was detected. This helps you assess and prioritize issues by the application area or team affected. |

To group the issues using either of the above criteria, use the **Group by** drop-down, as shown in the image above.

##### Filters

The filters help you narrow down the issues based on options such as status, severity, source, timestamp, or sensitivity, allowing you to analyze them more effectively. To filter the issues based on your requirements, use the **Filter** (![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_filter_icon.png)) icon, as shown in the image above. Post-application, you can also save the filter for later use. The saved filters are visible under the **Filter** icon → **Saved** tab.

For information on managing issues based on the above groups and filters, see [Issue Management](/docs/ast-issue-management).

##### Additional Options

Apart from the above options, Traceable also provides the following features on the page:

- **Search** bar — Locate an issue by typing its name.
- **Visualization** toggle — Show or hide the visual insight section on the page.
- **Download** icon — Download the issue listings on the page for offline analysis.