SAST scan results

The SAST scanning engine uses AI and complementary technologies to improve detection accuracy and streamline result analysis.

Intelligent Code Analytics (ICA)

Static analysis scans apply Intelligent Code Analytics (ICA). ICA automatically discovers application programming interfaces (APIs) the scanner has not seen before and assesses their security impact. Through ICA, third-party APIs and frameworks are reviewed and assigned the correct security impact (for example, whether a call behaves as a taint source, a sink, or a sanitizer) instead of being left unmodelled, which yields more complete scan results. To learn more about ICA, see this article.

Intelligent Finding Analytics (IFA)

Findings are processed by Intelligent Finding Analytics (IFA) as part of the scan. IFA is an AI-based technology that does much of the triage work for you: among other things, it filters out false positives and identifies findings that can be remediated by a single fix at one point in the code. To learn more about IFA, see this article.
Note: ICA applies to non-source code scans (that is, scans of compiled binaries or bytecode rather than source) of Java, C/C++, and .NET, while IFA applies to non-source code scans of Java and .NET, as well as all JavaScript scans. Findings from scans outside those combinations are not filtered by IFA, so plan for manual triage of false positives there.

Fix groups

Static analysis assessments list findings by fix group. A fix group is the node in the data flow that the grouped findings most commonly pass through. Applying a fix at that node typically remediates the most findings for the least work, and the group also serves as a logical unit in which related findings can be reviewed together. The fix group location is not necessarily the exact place where the fix belongs: planned refactoring, coding conventions, and other factors may rule it out, and a fix applied at a shared node must be appropriate for every sink downstream of it (output encoding that stops cross-site scripting does nothing for a SQL injection reached through the same node).

Note: Each fix group displays at most 100 findings per vulnerability type.
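As an added illustration of the grouping idea above and of the 100-findings-per-type cap in the note, the following JavaScript computes fix groups greedily over a handful of constructed findings. It is not the scanning engine's own code and does not reproduce the platform's actual algorithm; every file name, function name, and finding ID is made up, and the choices to exclude sources and sinks from candidate nodes, to group per CWE, and to break ties toward the node nearest the sink are assumptions of this example.

```javascript
// Added example: greedy computation of fix groups over static-analysis findings.
// Not the scanning engine's own code or algorithm. Each finding is a data-flow
// path from a taint source to a sink, written as an array of
// "function:file:line" node labels. All labels and IDs are constructed.

const findings = [
  { id: 1, cwe: 89, path: ['getParam:login.js:12', 'normalize:util.js:4', 'buildQuery:db.js:20', 'db.query:db.js:31'] },
  { id: 2, cwe: 89, path: ['getParam:search.js:8', 'normalize:util.js:4', 'buildQuery:db.js:20', 'db.query:db.js:31'] },
  { id: 3, cwe: 89, path: ['readHeader:api.js:5', 'buildQuery:db.js:20', 'db.query:db.js:31'] },
  { id: 4, cwe: 79, path: ['getParam:login.js:12', 'normalize:util.js:4', 'render:view.js:15', 'res.send:view.js:22'] },
  { id: 5, cwe: 79, path: ['getParam:profile.js:9', 'render:view.js:15', 'res.send:view.js:22'] },
  // Source feeds the sink directly: there is no intermediate node to group on.
  { id: 6, cwe: 89, path: ['readHeader:api.js:5', 'db.query:db.js:31'] },
];

// Candidate fix locations are the intermediate nodes only. The sink is usually
// a library call you cannot edit, and the source is specific to one entry
// point, so neither is a useful place for a shared fix (assumption made here).
function candidateNodes(path) {
  return path.slice(1, -1);
}

// Pick the intermediate node shared by the most remaining findings. Ties go to
// the node nearest the sink, where context-specific encoding or parameterisation
// belongs (another assumption of this example). Returns null when no remaining
// finding has an intermediate node.
function mostCommonNode(remaining) {
  const stats = new Map();
  for (const f of remaining) {
    const nodes = candidateNodes(f.path);
    nodes.forEach((node, i) => {
      const s = stats.get(node) || { count: 0, hops: 0 };
      s.count += 1;
      s.hops += nodes.length - i; // 1 = immediately before the sink
      stats.set(node, s);
    });
  }
  let best = null;
  for (const [node, s] of stats) {
    const avgHops = s.hops / s.count;
    if (best === null || s.count > best.count ||
        (s.count === best.count && avgHops < best.avgHops)) {
      best = { node, count: s.count, avgHops };
    }
  }
  return best === null ? null : best.node;
}

// Group findings per vulnerability type (CWE), so that a node shared by an SQL
// injection path and an XSS path never becomes one "fix" for both. Each group
// lists at most maxPerGroup finding IDs, mirroring the display cap in the note.
function computeFixGroups(allFindings, maxPerGroup = 100) {
  const byCwe = new Map();
  for (const f of allFindings) {
    if (!byCwe.has(f.cwe)) byCwe.set(f.cwe, []);
    byCwe.get(f.cwe).push(f);
  }
  const groups = [];
  for (const [cwe, list] of byCwe) {
    let remaining = list.slice();
    while (remaining.length > 0) {
      const node = mostCommonNode(remaining);
      let members;
      let groupNode;
      if (node === null) {
        // Nothing left to share: the first remaining finding stands alone, keyed on its sink.
        members = [remaining[0]];
        groupNode = remaining[0].path[remaining[0].path.length - 1];
      } else {
        members = remaining.filter(f => candidateNodes(f.path).includes(node));
        groupNode = node;
      }
      groups.push({
        cwe,
        node: groupNode,
        findingIds: members.slice(0, maxPerGroup).map(f => f.id),
        truncated: Math.max(0, members.length - maxPerGroup),
      });
      const taken = new Set(members.map(f => f.id));
      remaining = remaining.filter(f => !taken.has(f.id));
    }
  }
  return groups;
}

for (const g of computeFixGroups(findings)) {
  console.log(`CWE-${g.cwe} fix group at ${g.node}: findings ${g.findingIds.join(', ')}`);
}
```

On the sample data the three SQL injection paths that pass through `buildQuery:db.js:20` land in one group, the XSS paths group on `render:view.js:15`, and the header-to-query path with no intermediate node becomes its own group keyed on the sink. Note that `normalize:util.js:4` is shared by both a CWE-89 and a CWE-79 path; grouping per vulnerability type is what keeps it from being reported as a single fix point for two problems that need different remediations.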