Issues: find-sec-bugs/find-sec-bugs
Add support for JSR305 @Detainted / @Tainted / @Untainted in the taint analysis
#735
opened May 3, 2024 by
gehel
Getting "Hard coded password found here" exception where (IMHO) it shouldn't
#731
opened Mar 5, 2024 by
sliric
Wrapper SQL sink method triggers SQL injection detection
false-positive
Something that should not report.
#722
opened Jan 23, 2024 by
jim-bentler
Mark java.sql.Statement enquoteIdentifier, enquoteLiteral, and enquoteNCharLiteral SQL_INJECTION_SAFE
false-positive
Something that should not report.
good first issue
#721
opened Jan 23, 2024 by
jim-bentler
Replace jwgmeligmeyling/spotbugs-github-action
internal
Related to FSB internal testing, build or other tooling.
#720
opened Jan 10, 2024 by
h3xstream
Inconsistency in HTTP_RESPONSE_SPLITTING Rule: Discrepancy in Violation Reporting with Nested Class
false-negative
Something that we have missed.
#719
opened Dec 22, 2023 by
soyodream
Inconsistency in SQL_INJECTION_JPA Rule: Discrepancy in Violation Reporting with Nested Class
false-negative
Something that we have missed.
#718
opened Dec 18, 2023 by
soyodream
Feasibility of transferring this to spotbugs organization
question
Questions on how to use FSB or about its capabilities.
#717
opened Dec 16, 2023 by
hazendaz
Inconsistency in COMMAND_INJECTION Rule: Discrepancy in Violation Reporting with Nested Class
false-negative
Something that we have missed.
#716
opened Dec 14, 2023 by
soyodream
False Negative: String concatenation with char should not consider char to be SAFE
#711
opened Aug 17, 2023 by
jbindel
Mark sources of Possible JDBC injection as safe
enhancement
New feature or improvement to existing detector.
good first issue
#709
opened Jun 27, 2023 by
apetrelli
IMPROPER_UNICODE rule does not find equalsIgnoreCase usage when used as method reference
#708
opened Jun 26, 2023 by
Vampire
The current code doesn't support Jakarta namespace (ENTITY_LEAK and other checks don't work)
#704
opened Jun 15, 2023 by
mrairjan
ReDOS checker not agreeing with https://devina.io/redos-checker
#702
opened May 19, 2023 by
ajohnson1
Why scan results having multiple source-line tags for a bug instance?
#698
opened Mar 13, 2023 by
Lingom-KSR