They do static analysis, including a “am I really affected by this CVE?” analysis by looking at if you’re calling the offending code. One of the SAST tooling options, useful for Supply Chain Security vulnerability triage.
Feb 16, 20261 min read
They do static analysis, including a “am I really affected by this CVE?” analysis by looking at if you’re calling the offending code. One of the SAST tooling options, useful for Supply Chain Security vulnerability triage.