We set up SonarCloud in our pipelines a while ago, and lately we became aware of SQLi that were not detected by the tool. I don’t feel comfortable sharing more details in public and we are paying for the tool, so can you help, please?
Hello Ali and welcome to the community!
I will establish a private message where you can share the details. Please follow this description when sending me the details: How to Report a False-positive / False-negative