Key Concepts

Projects

A logical sub-unit within a repository that Dam Secure discovers automatically, such as a backend service, frontend app, shared library, or root configuration. Rules and analysis are scoped at the project level, so a rule about API authentication only applies to projects that actually expose APIs, and a rule about UI input validation only applies to your frontend.

Projects panel showing the projects discovered inside an onboarded repository

Rules

A plain-language security requirement that Dam Secure evaluates against your code, such as "Encrypt PII at rest using field-level encryption."

Each rule belongs to a category (e.g. Cryptography & Key Management) and is mapped to the projects where it applies.

When a rule is violated, Dam Secure raises an Issue containing the offending code, an explanation, and a severity rating, so engineers can see exactly what failed and why.

Example rule definition showing title, category, severity, and applied projects

Issues

  • Issue: A finding that one of your Rules has been violated within a specific project. Each Issue carries the violated rule, a severity, and a list of every location in the project where the rule was broken. Issues move through a triage workflow (Open, Confirmed, Fixed, Dismissed) so remediation progress is visible and auditable.
  • Sub-issue: A single occurrence inside an Issue, tied to a specific file and line range, with the offending code as evidence and a plain-language explanation. Sub-issues are triaged one at a time, which is how engineers separate confirmed problems from false positives without losing context on the rest of the issue.

Issues view showing an issue and its associated sub-issues with file/line locations