Skip to main content
The Security Audit tab on an assignment is a search tool for instructors. It scans the contents of every submission file in the assignment for a literal string match (case-insensitive substring), and returns a table of every file in which the string appears. It is useful for spotting things like a unique snippet of leaked solution code, a banned API call, a specific identifier, or a suspicious comment across the class. It is not a similarity detector, a plagiarism scorer, or a behavioral analytics dashboard. There is no automatic flagging, no clustering, no thresholds, and no comparison view — just full-text search across submission files.

Accessing the audit

From the assignment management page, click the Security Audit tab. The page is restricted to instructors; TAs and graders without the instructor role will see an “Access Denied” message. Enter a string in the search box and press Search All Submissions (or hit Enter). The search:
  • Is case-insensitive.
  • Matches as a substring anywhere in the file contents (no regex, no token boundaries).
  • Scans every submission_files row for the current assignment.
Searching a large class can take a few seconds while results stream in.

Results table

Each row represents one file that contains a match. The table includes:
  • Student name and email — linked to the matching submission.
  • Class section and lab section (or N/A).
  • Submission number — linked to the submission detail page.
  • Score — the autograder score for that submission, shown as a colored badge (green for full score, red for partial, gray for ungraded or 0/0).
  • File name — linked to the file on GitHub at the submission’s commit SHA, with the matched line number appended (e.g. Main.java (L42)).
  • Matched content — a short snippet of text around the first match.
  • View Output — opens a modal with the instructor-visible grader output for that submission, plus a link to the full grader results.
The header above the table shows the total number of matches and how many distinct submissions they came from.

Exporting results

Click Export All to CSV to download the full result set as a CSV. The export includes student name and email, class/lab section, submission ID and number, score, file name, line number, the GitHub blob URL, the matched snippet, and the search term used. This is the format to use when you need to attach evidence to an academic-integrity report or share findings with a co-instructor.

Interpreting matches

A match is not proof of misconduct. The search finds any file containing the string, including legitimate uses, starter code, library imports, and coincidental occurrences. Always open the submission and read the surrounding code before drawing any conclusions, and follow your institution’s academic-integrity process.
Practical tips:
  • Pick a string that is specific to whatever you are looking for. Searching for for will match every file in the class; searching for an unusual variable name, a distinctive comment, or a verbatim snippet from a leaked solution is more useful.
  • The snippet column shows only the first match in each file. Click through to the GitHub link to see all occurrences in context.
  • The score badge can help you triage — for example, an unusual high score combined with a match for a banned construct may be worth investigating first.