by Sohcahtoa82
524 days ago
That wasn't my experience when I used Snyk at my last job, depending on your definition of FP. For example, if you're using a multi-protocol networking library, and it says that the version you have installed has a vulnerability in its SMTP handling, but you don't use the SMTP functionality, is that a FP? I'd argue that it's irrelevant, but not a false positive. I never had it get the version of a library wrong.