Looking for information on security analysis (SAST, vulnerabilities, and hotspots)

Hey there.

Philosophically, we would prefer to miss some true issues rather than flood users with false positives. This is part of our developer-friendly approach – as soon as a tool starts making noise… it tends to be treated as noise.

That being said, we score very well across a number of benchmarks on a number of languages:

  • Java: 93% TPR (on average)
  • C#: 90% TPR (on average)
  • Python: 92% TPR (on average)

What language(s) are you trying to analyze? Have you run analyses on the main branch of the project? Are issues of other types appearing (Code Smells, Bugs)?
