Security findings show reachability tier and CWE class
Security finding reachability and CWE
Security Agent findings can include a vulnerability class, the CWE weakness title when known, and a reachability tier that helps reviewers understand whether the risky code path is directly reachable, conditionally reachable, or unlikely to be reached.
Security findings can also include a collapsed Reachability section with a plain-text path from the entry point to the sink, so reviewers can inspect the evidence without expanding the main comment by default. When the regular review and the dedicated security review find the same underlying issue, CodeRabbit may now post a single enriched comment instead of duplicate findings.
Dart pull request changes can now receive CodeGraph-based review context as well, including security reachability when applicable.
Fetched July 17, 2026


