July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Common issues in practice
There are many commercial and open source secure coding tools. Does any tool offer a low false positive rate with a high detection rate?
Answer: There are no perfect or outstanding tools that offer high detection rates with low false positive rates. Every tool offers a different scanning results. The high positive rate can also mean more conservative scanning, which identifies more potential or suspicious code issues. You will find the detection rate and scanning results also vary with different tools. Tool A may be able to detect an issue that tool B can't, and vice versa. In practice, it's also suggested to use at least two tools for code scanning as a cross-reference review.
The scanning results may list over ...