
DerTriage

DerTriage is DerScanner's smart tool for automated verification of SAST detections. As a technology, SAST inevitably produces some false positives. DerTriage takes the raw data obtained after a SAST scan, investigates the broader context of each detection, determines whether the detection is valid, and leaves you with clear, actionable items.

DerTriage can be triggered either during the scanning stage in the Scan Settings, or upon scan completion, in the Detailed Results.

Triggering DerTriage prior to scan execution enables you to make changes in bulk, but negatively affects overall scanning time. To activate:

  1. Select the required severity levels of vulnerabilities in the Scan Settings.
  2. Additionally, select Apply triage results to automatically assign statuses to vulnerabilities in Detailed Results: Confirmed for true detections, and Rejected for false positives. The reasoning behind every decision will be available in the vulnerability information.

For targeted checks, DerTriage can be triggered individually in the Detailed Results. Navigate to the vulnerability in question, then click the three dots to its right. Pressing DerTriage will generate a recommendation on the detection's validity, along with the reasoning behind it.