Transport False-Positive comments to Checkmarx report. I want to find the best way to address false positives in the Checkmarx report. One of the points I am investigating is how to make the Checkmarx report display the false-positive comment that has
Checkmarx FLS Create/Update Vulnerability in Salesforce Apex Code. As such, this is a Checkmarx false positive and must be addressed by explaining the scenario in your submission documentation. This answer also covers how best to comment the relevant code to help the Salesforce Security Team navigate the report from Checkmarx.
Lightning DOM XSS attack reported by Checkmarx. We have received a Checkmarx report from a client in which 10-12 issues are related to Lightning DOM XSS attacks. In the majority of cases, the issues are related to attributes that are assigned using the apex c
lightning aura components - Salesforce Stack Exchange. Checkmarx is correctly warning you that this is a dangerous operation, since someone could craft the content of the SVG element to include some form of hack. What you need to do is think about why you are doing this.
Checkmarx Security Scanner FLS Issues - Salesforce Stack Exchange. I ran the Checkmarx scanner for the app and received ~250 FLS issues, which is understood, because when the app was developed it simply was not checked. However, I have noticed that there are lots of cases
security - How Checkmarx works - Salesforce Stack Exchange. Can someone please advise how the Checkmarx Force.com Security Source Scanner performs its code review? Is the code review happening within Salesforce servers, or does the code get ported to a Checkmarx server? How
checkmarx - Force.com Code Scanner Portal Inability to Track FLS Checks ... Therefore, when dynamic objects are used, Checkmarx cannot confirm that proper security checks are applied. I am actually facing these FLS update violations for several objects in my source code from both the Force.com code scanner [Checkmarx] and the PMD analyzer.
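The FLS create/update findings in the posts above (the false positive that has to be explained to the Security Team, and the dynamic-object case the scanner cannot follow) share one root cause: Checkmarx is a static analyzer, and it only clears an `insert`/`update` when it can see a describe check for the object and every written field on the same code path. The Apex below is an added example, not code from any of the posts, that shows the two patterns side by side: a static case the scanner can verify on its own, and a dynamic case where object and field names are only known at runtime, so the checks are done via runtime describes and the DML is annotated for a human reviewer. The class name `FlsSafeDml`, the method names, the exception type, and the `// CHECKMARX:` comment convention are all assumptions for illustration; the `Schema`, `Security.stripInaccessible` and `SObject.put` calls are standard platform APIs.

```apex
// Added example: FLS-checked DML in a form Checkmarx can follow (static case)
// and a form it cannot follow (dynamic case). Names are hypothetical.
public with sharing class FlsSafeDml {

    // Assumed custom exception so callers can distinguish access failures.
    public class FlsException extends Exception {}

    // STATIC CASE. Object and field names are literals, so the scanner can
    // tie each isCreateable() call to the insert that follows it. Keep the
    // checks immediately before the DML; a check buried in a helper or on
    // another branch is what typically produces a "false positive".
    public static Id createContact(String lastName, String email) {
        if (!Schema.SObjectType.Contact.isCreateable()
            || !Schema.SObjectType.Contact.fields.LastName.isCreateable()
            || !Schema.SObjectType.Contact.fields.Email.isCreateable()) {
            throw new FlsException('Insufficient create access on Contact');
        }
        Contact c = new Contact(LastName = lastName, Email = email);
        insert c; // CHECKMARX: object + LastName + Email create access verified above
        return c.Id;
    }

    // DYNAMIC CASE. The object is derived from the record Id and the fields
    // arrive in a map, so there is no literal for the scanner to match; it
    // will report "FLS update" here regardless. The runtime describe loop
    // enforces the same policy, and the comment on the DML line is what the
    // submission documentation points the reviewer at.
    public static void updateDynamic(Id recordId, Map<String, Object> fieldValues) {
        Schema.DescribeSObjectResult objDescribe = recordId.getSObjectType().getDescribe();
        if (!objDescribe.isUpdateable()) {
            throw new FlsException('Object not updateable: ' + objDescribe.getName());
        }
        // fields.getMap() keys are lower-case API names; normalise the lookup.
        Map<String, Schema.SObjectField> fieldMap = objDescribe.fields.getMap();
        SObject record = objDescribe.getSObjectType().newSObject(recordId);
        for (String fieldName : fieldValues.keySet()) {
            Schema.SObjectField f = fieldMap.get(fieldName.toLowerCase());
            if (f == null || !f.getDescribe().isUpdateable()) {
                // Fail closed: an unknown or read-only field aborts the whole
                // update instead of silently dropping that one value.
                throw new FlsException('Field not updateable: ' + fieldName);
            }
            record.put(f, fieldValues.get(fieldName));
        }
        update record; // CHECKMARX: object + per-field update access verified in the loop above
    }

    // PLATFORM ALTERNATIVE for the dynamic case: let the platform strip the
    // fields the running user may not write, then persist what is left. This
    // changes the behaviour from "reject" to "silently drop", so only use it
    // where partial writes are acceptable and say so in the documentation.
    public static void updateWithStrip(List<SObject> records) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, records);
        update decision.getRecords(); // CHECKMARX: fields without update access removed by stripInaccessible
    }
}
```

Note the trade-off between the two dynamic approaches: the describe loop rejects the request when any requested field is not updateable, while `stripInaccessible` quietly removes those fields and proceeds. Either is defensible, but the reviewer reading the Checkmarx report needs the comment on the DML line plus a sentence in the submission explaining which behaviour was chosen and why, because the scanner itself will still flag the dynamic `update`.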