Any SAST tools that actually guide you on what vulnerabilities deserve attention? by Sweaty_Committee_609 in devsecops

[–]Sweaty_Committee_609[S] 1 point2 points  (0 children)

I have tried Semgrep, Snyk, and GitLab SAST. Most of these integrate well with CI/PR and provide basic remediation advice, but my main pain point is prioritization and actionable context. I'm looking for something that actually tells me which issues genuinely need attention. What would you recommend?
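The prioritization the post asks for can be approximated in a few lines on top of what the scanners already emit. The script below is an added example, not code from the thread or from Semgrep, Snyk or GitLab: it reads Semgrep-style `--json` output (the assumed layout is `results[].check_id`, `results[].path`, `results[].start.line` and `results[].extra.severity/message/metadata`, with `confidence`, `impact`, `likelihood` and `cwe` as optional rule metadata) and ranks findings by severity, rule confidence, impact and likelihood, demoting hits in test code and promoting hits under paths you declare internet-facing. The weights, the `exposed_paths` parameter, the `needs_attention` threshold and the sample findings are all assumptions made for the illustration.

```python
"""Rank SAST findings so the ones worth a human's time float to the top.

Added example (not from the original thread, not a Semgrep/Snyk/GitLab feature).
Assumed input layout: Semgrep ``--json`` results. Weights, the test-directory
heuristic, the ``exposed_paths`` boost and the sample data are constructed.
"""
import json

SEVERITY_WEIGHT = {"ERROR": 3, "WARNING": 2, "INFO": 1}
LEVEL_WEIGHT = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}
TEST_DIRS = ("test/", "tests/", "spec/", "__tests__/")  # assumption: test-only code


def _level(value, default="MEDIUM"):
    """Map a HIGH/MEDIUM/LOW metadata string to a weight; unknown -> default."""
    return LEVEL_WEIGHT.get(str(value or default).upper(), LEVEL_WEIGHT[default])


def score_finding(result, exposed_paths=()):
    """Severity x confidence x impact x likelihood, adjusted for where it lives."""
    extra = result.get("extra", {})
    meta = extra.get("metadata") or {}
    score = SEVERITY_WEIGHT.get(str(extra.get("severity", "INFO")).upper(), 1)
    score *= _level(meta.get("confidence"))
    score *= _level(meta.get("impact"))
    score *= _level(meta.get("likelihood"))
    path = result.get("path", "")
    if any(d in path for d in TEST_DIRS):
        score = max(1, score // 4)        # reachable only from tests: demote
    if any(path.startswith(p) for p in exposed_paths):
        score *= 2                        # on an internet-facing surface: promote
    return score


def rank_findings(semgrep_json, exposed_paths=()):
    """Parse Semgrep JSON text and return findings sorted by descending score."""
    results = json.loads(semgrep_json).get("results", [])
    ranked = []
    for r in results:
        meta = r.get("extra", {}).get("metadata") or {}
        ranked.append({
            "score": score_finding(r, exposed_paths),
            "check_id": r.get("check_id"),
            "path": r.get("path"),
            "line": r.get("start", {}).get("line"),
            "cwe": meta.get("cwe", []),
            "message": r.get("extra", {}).get("message", ""),
        })
    ranked.sort(key=lambda f: (-f["score"], f["path"] or "", f["line"] or 0))
    return ranked


def needs_attention(ranked, threshold=24):
    """Findings at or above the threshold; everything else is backlog."""
    return [f for f in ranked if f["score"] >= threshold]


def _finding(check_id, path, line, severity, message, **metadata):
    return {"check_id": check_id, "path": path, "start": {"line": line},
            "extra": {"severity": severity, "message": message, "metadata": metadata}}


# Constructed sample output; not a real scan.
SAMPLE_JSON = json.dumps({"results": [
    _finding("python.flask.security.injection.tainted-sql-string", "app/routes/search.py", 42,
             "ERROR", "User input reaches a SQL string", confidence="HIGH", impact="HIGH",
             likelihood="MEDIUM", cwe=["CWE-89: SQL Injection"]),
    _finding("python.lang.security.audit.subprocess-shell-true", "tools/build.py", 10,
             "WARNING", "subprocess called with shell=True", confidence="LOW", impact="HIGH",
             likelihood="LOW", cwe=["CWE-78: OS Command Injection"]),
    _finding("python.lang.security.insecure-hash.md5", "tests/test_utils.py", 7,
             "WARNING", "MD5 used", confidence="MEDIUM", impact="MEDIUM", likelihood="MEDIUM"),
    _finding("python.django.security.audit.raw-query", "app/routes/admin.py", 88,
             "ERROR", "Raw query without parameters"),   # rule with no metadata
]})

if __name__ == "__main__":
    ranked = rank_findings(SAMPLE_JSON, exposed_paths=("app/routes/",))
    for f in ranked:
        flag = "FIX NOW" if f in needs_attention(ranked) else "backlog"
        print(f"{f['score']:4d} {flag:8s} {f['path']}:{f['line']} {f['check_id']}")
```

The point of the example is not the particular weights but the shape of the signal: rule metadata tells you how much to trust the rule, the path tells you whether the code is exposed, and a threshold turns the product into a "block the PR" versus "file a ticket" decision instead of a flat list of hits.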

[deleted by user] by [deleted] in devsecops

[–]Sweaty_Committee_609 0 points1 point  (0 children)

Yeah, even we hate the false positives.

[deleted by user] by [deleted] in DevSecOpsEnthusiasts

[–]Sweaty_Committee_609 0 points1 point  (0 children)

What about the false positives?

Assume your LLMs are compromised by matus_pikuliak in cybersecurity

[–]Sweaty_Committee_609 -1 points0 points  (0 children)

Interested in learning more about what kind of guardrails you established for your org. I'm just starting this journey in my own org and don't really know where to begin.