We’ve just published a new blog post:
Most SAST tools target security compliance auditors. Their goal is to raise an issue for anything even remotely suspicious. There’s no fear of false positives for those tools because the auditors will figure it out; after all, it’s the auditors’ job to sort the wheat from the chaff and the signal from the noise. But for years now the rallying cry at SonarSource has been “Kill the noise!” As a developer-first company, we know there’s little tolerance among developers for crying wolf. So our guiding principle has been to prefer “reasonable” false negatives to raising false positives.
Read the rest in the blog