by itake 1206 days ago
Yeah… so this example is saying “you need to redesign your infrastructure before you can merge this change in.”

If SFTP is a requirement, it should have been captured earlier in the process and not after the integration code was written.

1 comments

In an ideal world security tools like this one should be useless… but unfortunately we don’t all live in this world where security requirements are all captured, understood and implemented correctly.

This is just an example; think about application-level encryption, leakage in logger messages, etc.