Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
It appears that only certain tools (bandit, gosec) respect the #nosec comment to filter out false positives. Find Security Bugs seems to use the @SuppressFBWarnings annotation. It would be nice to at least document the annotation and comments required to filter the check.
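As an added example (not code from the scan project or from the issue author), the #nosec behaviour described above written as a post-filter over normalised findings: a bare marker drops every finding on that line, while a marker that names rule ids drops only those. The marker grammar (`#nosec` or `# nosec`, optionally followed by ids such as B602 or G204) is an assumption modelled on bandit's and gosec's markers, and the sample sources and findings are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed shape of a finding as an aggregator might hold it after
# normalising bandit / gosec reports (not the scan project's own type).
@dataclass(frozen=True)
class Finding:
    path: str
    line: int       # 1-based line number in the source file
    test_id: str    # tool rule id, e.g. "B602" (bandit) or "G204" (gosec)
    message: str

# Matches "#nosec" / "# nosec" plus an optional list of rule ids, e.g.
# "# nosec B602" or "// #nosec G204, G304". Assumed grammar, see lead-in.
_NOSEC = re.compile(r"#\s*nosec\b(?P<ids>(?:\s+[A-Z]+\d+\s*,?)*)")

def suppressed_ids(source_line: str) -> Optional[Set[str]]:
    """None: no marker; empty set: suppress everything on the line;
    otherwise the set of rule ids the marker names."""
    m = _NOSEC.search(source_line)
    if m is None:
        return None
    return set(re.findall(r"[A-Z]+\d+", m.group("ids")))

def filter_findings(findings: List[Finding], sources: Dict[str, List[str]]
                    ) -> Tuple[List[Finding], List[Finding]]:
    """Split findings into (kept, suppressed) using the marker on each
    finding's own source line. `sources` maps path -> list of lines."""
    kept, dropped = [], []
    for f in findings:
        lines = sources.get(f.path, [])
        line = lines[f.line - 1] if 0 < f.line <= len(lines) else ""
        ids = suppressed_ids(line)
        # Keep when there is no marker, or the marker names other ids only.
        if ids is None or (ids and f.test_id not in ids):
            kept.append(f)
        else:
            dropped.append(f)
    return kept, dropped

# Constructed sample inputs (not real project files).
SOURCES = {
    "app.py": ["import subprocess",
               "subprocess.call(cmd, shell=True)  # nosec B602",
               "eval(user_input)  # nosec",
               "os.system(cmd)"],
    "main.go": ["out, _ := exec.Command(name, args...).Output() // #nosec G204"],
}
FINDINGS = [Finding("app.py", 2, "B602", "subprocess call with shell=True"),
            Finding("app.py", 2, "B607", "process started with a partial path"),
            Finding("app.py", 3, "B307", "use of eval"),
            Finding("app.py", 4, "B605", "os.system call"),
            Finding("main.go", 1, "G204", "subprocess launched with variable")]
```

Running `filter_findings(FINDINGS, SOURCES)` keeps B607 (line 2 only names B602) and B605, and suppresses B602, B307 and G204.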