mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.
https://mercedes-benz.github.io/sechub/
MIT License

Mixed programming languages lead to only one being analyzed #280

Closed ghost closed 4 years ago

ghost commented 4 years ago

Hello sechub-team, we have a project where both Go and Kotlin (and .html) files are used (subfolder/-projects). When running the code analysis, only one language is analyzed. Can this be adjusted, or is it necessary to run the client several times (once for each language) and only for one part of the project at a time?


Till Hoffmann [till.hoffmann@daimler.com](mailto:till.hoffmann@daimler.com) Daimler AG on behalf of Daimler TSS GmbH. Imprint

sven-dmlr commented 4 years ago

The behavior you observed has nothing to do with SecHub. SecHub always passes all uploaded sources to the scan backend(s).

So the findings completely depend on the quality of the scan backends. Closing this issue.


Sven Dolderer sven.dolderer@daimler.com, Daimler TSS GmbH, imprint