AppThreat / sast-scan

Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
https://appthreat.io
MIT License
145 stars 21 forks

Universal suppressions support #12

Open prabhu opened 4 years ago

prabhu commented 4 years ago

It appears that only certain tools (bandit, gosec) respect the #nosec comment to filter out false positives. Find Security Bugs seems to be using the @SuppressFBWarnings annotation. It will be nice to at least document the annotation and comments required to filter the check.

prabhu commented 4 years ago

https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012617

3.27.23 suppressions property
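As an added example (not sast-scan's own code), one way to make suppressions uniform across tools: carry in-source `#nosec`-style markers into the SARIF 2.1.0 `suppressions` property from section 3.27.23 and let the report filter on that property instead of on each tool's own syntax. The source file, SARIF log and marker list are constructed; the rule that a missing `status` counts as accepted is an assumption about the spec's defaults, and annotation-style suppressions such as @SuppressFBWarnings would need the enclosing scope rather than the reported line.

```python
"""Record in-source suppression markers as SARIF `suppressions` objects and
filter results on them (added example, not part of sast-scan)."""

# Constructed sample source: line 2 carries a bandit-style marker.
SOURCE = {
    "app.py": [
        "import subprocess",
        "subprocess.call(cmd, shell=True)  # nosec",
        "password = 'hunter2'",
    ]
}

# Constructed SARIF 2.1.0 log with two results pointing into app.py.
SARIF = {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "bandit"}},
    "results": [
        {"ruleId": "B602", "message": {"text": "subprocess with shell=True"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app.py"},
                                             "region": {"startLine": 2}}}]},
        {"ruleId": "B105", "message": {"text": "hardcoded password"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app.py"},
                                             "region": {"startLine": 3}}}]},
    ]}]}

# Line-level markers; each tool spells its own, so the list is per-tool config.
MARKERS = ("# nosec", "#nosec", "// nosec")


def _line_of(result, source):
    loc = result["locations"][0]["physicalLocation"]
    return source[loc["artifactLocation"]["uri"]][loc["region"]["startLine"] - 1]


def apply_in_source_suppressions(sarif, source, markers=MARKERS):
    """Attach a `suppressions` entry (kind inSource) to each result whose
    reported line carries a marker; returns how many were suppressed."""
    count = 0
    for run in sarif["runs"]:
        for result in run["results"]:
            text = _line_of(result, source)
            if any(m in text for m in markers):
                result.setdefault("suppressions", []).append(
                    {"kind": "inSource", "status": "accepted",
                     "justification": "marker on line: " + text.strip()})
                count += 1
    return count


def is_suppressed(result):
    # Assumption: an absent `status` is treated as "accepted" (spec default).
    return any(s.get("status", "accepted") == "accepted"
               for s in result.get("suppressions") or [])


def active_results(sarif):
    """Results a report should still show: those with no accepted suppression."""
    return [r for run in sarif["runs"] for r in run["results"] if not is_suppressed(r)]
```

Keeping the suppressed results in the log with a `justification` lets reviewers audit what was silenced instead of losing it at scan time.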