Open source scanners

Hello Team,

Just curious to know if your analyzers use open-source SAST scanners like findsecbugs, bandit, gosec for your analysis?

Hey @bhuvi11 — great question! We do use some of these open-source analyzers behind the scenes, but we eventually port all the issues raised by them to our own bespoke analysis framework, so we get more control over the behavior. This also helps us fix false-positive reports quickly.

At the moment, we already cover bandit and gosec in our analyzers, amongst many other SAST tools. Support for findsecbugs is on the roadmap.

Hey, thanks a lot for your quick reply. This helps!