Frequently Asked Questions (FAQ)

How does Mobb deal with False Positive SAST findings?

We designed Mobb to address all supported issues, irrespective of their exploitability level. Take an injection-style finding: the SAST tool may flag a code segment that, today, never processes user input directly, which makes the finding look like a false positive. It remains uncertain, however, whether that code will later be copied or invoked from another part of the application with untrusted input, at which point it becomes genuinely vulnerable. Our approach is to resolve the issue regardless. This keeps the code compliant with the SAST scanner, which benefits both development and security teams.
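The situation described above, as an added illustration that is not Mobb's code: a query-building sink that every current caller feeds with a constant (so the SAST flag looks like a false positive), next to its parameterized form. The table, rows and function names are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema and rows so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("O'Brien", "user")])
    return conn


def role_by_name_unsafe(conn: sqlite3.Connection, name: str):
    """The shape a SAST scanner flags: SQL assembled by string formatting.
    Today every caller passes a literal, so the finding looks unexploitable."""
    row = conn.execute(f"SELECT role FROM users WHERE name = '{name}'").fetchone()
    return row[0] if row else None


def role_by_name_safe(conn: sqlite3.Connection, name: str):
    """Hardened form of the same sink: the value is bound as a parameter.
    Correct whether the argument is a constant now or request data later."""
    row = conn.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def current_caller(conn: sqlite3.Connection):
    """Only a constant reaches the sink here: the flag is 'not exploitable' today."""
    return role_by_name_unsafe(conn, "alice")


def lookup(conn: sqlite3.Connection, name: str, hardened: bool):
    """A later caller forwarding externally supplied input. Returns (value, error)
    so the difference between the two sinks is observable without raising."""
    fn = role_by_name_safe if hardened else role_by_name_unsafe
    try:
        return fn(conn, name), None
    except sqlite3.Error as exc:
        return None, type(exc).__name__


def compare(name: str):
    """Run one external-input lookup through both sinks on a fresh database."""
    conn = make_db()
    return lookup(conn, name, hardened=False), lookup(conn, name, hardened=True)
```

With the constant caller both versions behave identically; an ordinary name containing an apostrophe already breaks the unformatted sink while the parameterized one returns the row, which is why fixing the flagged segment now costs nothing and removes the latent risk.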