Ability to import Findbugs/code inspection results
skirge opened this issue
skirge commented
Please add an ability to import Findbugs (find-sec-bugs) or, more generally, some code inspection results (possible format: FileName.java,line number,description but personally I'm using IntelliJ IDEA) and show the results on the graph on a separate layer (dots maybe, with tooltip?).
Use case:
- scan source code for interesting functions like getRuntime().exec() etc. and import the results
- pentest the app with coverage
- paste the graph in the report to prove that potentially vulnerable functions were covered in tests
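A sketch of the correlation step behind this request, as an added example that is not part of the original issue or the project's code: it parses findings in the proposed `FileName.java,line number,description` format and marks which ones fall on lines executed during testing. The coverage map shape (file name to set of executed lines), the function names and all sample data are assumptions constructed for illustration.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "file line description")

# Constructed sample in the format proposed in the issue.
SAMPLE_FINDINGS = """\
CommandRunner.java,42,Runtime.exec() call, possible command injection
CommandRunner.java,77,Runtime.exec() call
ReportServlet.java,15,Potential path traversal
bad line without enough fields
"""

# Constructed coverage data (assumed shape): file -> lines executed in the pentest.
SAMPLE_COVERAGE = {
    "CommandRunner.java": {40, 41, 42, 43},
    "ReportServlet.java": {10, 11},
}


def parse_findings(text):
    """Return (findings, rejected_lines); malformed rows are kept for review."""
    findings, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Split on the first two commas only: the description may contain commas.
        parts = line.split(",", 2)
        if len(parts) != 3 or not parts[1].strip().isdigit():
            rejected.append(raw)
            continue
        findings.append(Finding(parts[0].strip(), int(parts[1]), parts[2].strip()))
    return findings, rejected


def overlay(findings, coverage):
    """Pair each finding with True/False: was its line executed during testing?"""
    return [(f, f.line in coverage.get(f.file, set())) for f in findings]


def summary(pairs):
    """Return (covered_count, total_count) for the report."""
    return sum(1 for _, hit in pairs if hit), len(pairs)


if __name__ == "__main__":
    parsed, bad = parse_findings(SAMPLE_FINDINGS)
    for finding, hit in overlay(parsed, SAMPLE_COVERAGE):
        mark = "COVERED" if hit else "NOT COVERED"
        print(f"{mark:12} {finding.file}:{finding.line} {finding.description}")
    print("covered %d of %d findings; %d unparsed row(s)" % (*summary(overlay(parsed, SAMPLE_COVERAGE)), len(bad)))
```

Findings reported as not covered are the ones a report would need to flag as untested rather than as safe.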