Frequently Asked Questions (FAQ)

How does Mobb deal with False Positive SAST findings?

We designed Mobb to address every supported issue, regardless of its exploitability level. For example, consider an injection-style finding where the user input is not directly processed in the flagged code segment, so the SAST scanner's report looks like a false positive. It remains uncertain whether that code might later be copied or invoked from another part of the application, at which point it would become exploitable. Our approach is therefore to resolve the issue regardless. This keeps the code compliant with the SAST scanner, which benefits both development and security teams.

How is Mobb licensed?

Mobb uses contributing developers as the licensing unit.

How does Mobb define contributing developers?

Mobb defines contributing developers as developers who, in the last 90 days, committed code to a repository in which Mobb is used to fix issues.

How do I find out which fixes were previously committed?

From the Report page:

From the Fix page:
