Get to the Bottom of False Positives: Potential false positives and what to do with them.
While most false positives result from the misconfiguration of scans, this video series will help you understand what causes them and how to avoid or reduce them. After watching this video, you will:
- Understand why flaws found within second- or third-party components are not considered false positives.
- Tackle the flaws by reaching out to the vendor(s) or by upgrading to a newer version of the library.
Timestamps for video:
0:00 – 0:08 - Intro
0:09 – 0:53 - An example of a potential false positive found in a dependent library.
0:54 – 1:22 - Why Veracode reports flaws in a dependent library.
1:23 – 2:02 - How to deal with the flaw, which is not a false positive, found in a component you can’t directly change.