
DevSecOps: Detecting false positives in SAST and DAST scans and prioritizing

rswarnka
Helper

Hi there, enterprise-wide we have integrated SAST (SonarQube, Checkmarx) and DAST (Qualys WAS, Qualys SSL) tools in our Azure DevOps CI/CD pipelines, and these tools do generate false positives.

Is there a feature to focus the devs to fix only the most critical and most probable exploits/bugs/vulnerabilities?

2 REPLIES

ChadTurner
DynaMight Legend

@rswarnka were you able to find a solution to this? If so, could you please share it with the community?

-Chad

Hi @ChadTurner, oops, missed this chat. As of now, not yet; meanwhile moved away from this project. But it would be interesting to see someone answer this in future. Thanks!
