DerTriage

DerTriage is DerScanner's smart tool for automated verification of SAST detections. As a technology, SAST inevitably produces some false positives. DerTriage takes the raw data obtained after a SAST scan and considers the broader context of each detection to determine whether it is valid or not.

DerTriage can be triggered either during the scanning stage in the Scan Settings, or upon scan completion, in the Detailed Results.

Triggering it prior to scan execution enables you to make changes in bulk, but negatively affects overall scanning time. To activate it, select the severity levels of vulnerabilities that DerTriage should assess in the Scan Settings. Additionally, selecting the Apply triage results option will automatically assign statuses to vulnerabilities in Detailed Results: Confirmed for true detections, and Rejected for false positives. The reasoning behind every decision will be available in the vulnerability information.

For targeted checks, DerTriage can be triggered individually in the Detailed Results. Navigate to the vulnerability in question, then click on the three dots to the right. Pressing DerTriage generates a recommendation on the detection's validity alongside its reasoning.