...

  • Parameterization: Many checkers can be parameterized and may need to be tuned to your codebase. You should disable these checkers if they do not provide value for your project.
  • Value to the project: You should consider disabling checkers if they do not provide value for your project.
  • Age and criticality: Many projects include older code that should not be touched because knowledge about the code is no longer available or because it is extremely sensitive. Proper controls should be put in place to suppress violations related to this kind of code. Do not run SAST on any code that you have no intention of fixing or that your policy prevents you from fixing except under specific circumstances.

...