We are using a SAST SCA vendor tool and want to know whether we should be running it before or after a build. We had some issues with the tool in that the build created too many files that were too many LOC for the tool to handle, so we had to move it before. Another reason was that it picked up unrelated vulnerabilities that were related to source control (that was unused), which was different from scanning it manually, which was another reason why we moved it before the build.
Is this recommended? What is the standard practice? Should we run it before or after the build?
- Posted
- 9 months ago
- External URL
- reddit.com/r/AskNetsec/c...