by verdverm 505 days ago
> for each tool to ... "do one thing well."

There is a lot of merit to this statement, as applied to `go tool` usage and to security scanning. Just went through a big security vendor analysis and POCs. In the middle I saw Filippo Valsorda post [1] about false positives from the one-stop shops, while govulncheck (language specific) did not have them. At the same time, there was one vendor who did not false positive with the reachability checks on vulns. While not always as good, one-stop shops also add value by removing a lot of similar / duplicated work. Tradeoffs and such...

[1] https://bsky.app/profile/filippo.abyssdomain.expert/post/3ld...

1 comment

The similar/duplicated stuff can be rolled into libraries. Just don't make the libraries too big lol. I suspect there's less duplicated stuff than you think. Most of it would be stuff related to parsing files and command parameters, I guess.