They do static analysis, including an “am I really affected by this CVE?” analysis that checks whether you’re actually calling the offending code. One of the SAST tooling options, useful for Supply Chain Security vulnerability triage.