FAQs

No. XCA augments existing code scanning solutions with custom rules based on past vulnerabilities, rules that may not be available in generic default rulesets. As such, it targets specific, known vulnerable code patterns with a high true positive rate instead of general code hygiene or potential vulnerabilities.

The Semgrep OSS Engine is already integrated into GitLab SAST and does not require additional modifications.

Vulnerabilities discovered from XCA are stored in the GitLab project as a Vulnerability Report.

XCA

A Set of Custom Rules That Detect Repeated Vulnerabilities in Code