2 items tagged with "static-analysis"
Run static application security testing on every pull request, fail the build on high-severity findings, and report results as SARIF.
Reachability analysis determines whether the vulnerable code inside a dependency is actually invoked by your application, separating exploitable findings from theoretical ones.