mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.
https://mercedes-benz.github.io/sechub/
MIT License

Update docs for false positive scanning #1150

Open ddauer opened 2 years ago

ddauer commented 2 years ago

Situation

Docs currently list NOSECHUB-END as comment tag, e.g. https://mercedes-benz.github.io/sechub/latest/sechub-techdoc.html#code-centric

Wanted

Should be END-NOSECHUB (cf. https://github.com/mercedes-benz/sechub/search?q=END-NOSECHUB)

de-jcup commented 2 years ago

@ddauer: Thanks for reporting.

At the moment the feature (false positives by codescan) cannot really be used (only false-positive by REST works) because the necessary "analyzer phase" and the corresponding PDS solution for the sechub-analyzer-cli are not implemented yet.

Anyway, this is a bug - either we should change the tag to "NOSECHUB-END" inside code or change the documentation. @Jeeppler: we must handle this before we start the PDS solution for sechub-analyzer-cli and the analyze phase.

Jeeppler commented 2 years ago

@ddauer yes, "END-NOSECHUB" sounds better. Thanks for reporting.