▲ 0 r/devsecops
Built a multi-agent Sast
Built a multi-agent SAST scanner with AgentFlow4J to reduce false positives while preserving recall.
On one public benchmark with labelled ground truth:
* CodeQL: 272/272 vulnerabilities, 87 false positives
* Mine: 272/272 vulnerabilities, 27 false positives
It’s only one benchmark (partly synthetic), so I see this as a promising signal, not proof.
What additional evidence would you need to trust these results?
u/Crafty-Ad-9627 — 1 day ago