Skip to main content

One post tagged with "vulnerability-scanning"

View All Tags

ยท 8 min read
Forrest Allison

False Positive Vulnerabilities

False Positives Everywhere

As a web developer, I've learned to ignore vulnerability scan results and that's a big problem.

Most of the results aren't relevant. Sometimes I find it easy to figure out what's safe to ignore from the findings. Other times I find myself scouring documentation, source code, and blog posts only to discover the "RCE" npm audit told me I had doesn't matter.