
DevSecOps: Detecting false positives in SAST and DAST scans and prioritizing

rswarnka
Helper

Hi there, enterprise-wide we have integrated SAST (SonarQube, Checkmarx) and DAST (Qualys WAS, Qualys SSL) tools in our Azure DevOps CI/CD pipelines, and these tools do generate false positives.

Is there a feature to focus the devs on fixing only the most critical and most probable exploits/bugs/vulnerabilities?

0 REPLIES 0