This code adds auto-deduplication of static analysis findings based on source_code_file, source_code_line, and type of finding.
Secondarily, by keeping track of what vulnerabilities are new or existing, we can remove vulnerabilities associated with a task which are no longer found. Support for auto-remediation was added to both Bandit and Brakeman static analyzers.
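The reconciliation described above, as an added example that is not code from this change: findings are keyed on source_code_file, source_code_line and type, then split into new, existing and no-longer-found. The `Finding` class, the `finding_type` and `status` names, and the sample data are assumptions made for the illustration.

```python
from typing import NamedTuple


class Finding(NamedTuple):
    source_code_file: str
    source_code_line: int
    finding_type: str        # hypothetical name for the "type of finding"
    status: str = "open"     # hypothetical status field


def dedup_key(f: Finding) -> tuple:
    # Status is deliberately excluded: identity is file + line + type only.
    return (f.source_code_file, f.source_code_line, f.finding_type)


def reconcile(stored: list, scan: list) -> tuple:
    """Compare one task's stored findings with its latest scan.

    Returns (new, existing, remediated):
      new        - in the scan, not stored yet (duplicates collapsed)
      existing   - stored and still reported; left untouched
      remediated - stored but absent from the scan; marked as remediated
    """
    current = {}
    for f in scan:
        current.setdefault(dedup_key(f), f)   # first occurrence wins
    known = {dedup_key(f): f for f in stored}

    new = [f for k, f in current.items() if k not in known]
    existing = [f for k, f in known.items() if k in current]
    remediated = [f._replace(status="remediated")
                  for k, f in known.items() if k not in current]
    return new, existing, remediated


# Constructed sample data: what a task already holds, and a fresh scan
# that repeats one finding twice and no longer reports the Python one.
STORED = [
    Finding("app/models/user.rb", 42, "SQL Injection"),
    Finding("scripts/deploy.py", 10, "B602"),
]
SCAN = [
    Finding("app/models/user.rb", 42, "SQL Injection"),
    Finding("app/models/user.rb", 42, "SQL Injection"),
    Finding("app/controllers/home_controller.rb", 7, "Cross-Site Scripting"),
]

if __name__ == "__main__":
    for label, group in zip(("new", "existing", "remediated"), reconcile(STORED, SCAN)):
        print(label, [dedup_key(f) for f in group])
```

Because the line number is part of the key, a finding that only moves to a different line is reported as one remediated entry plus one new entry.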