The Battle Between Linters, Scanners, and Data Flow Analysis
When it comes to security tools, you’re typically balancing two things: how much time it takes for a tool to run to get deeper results vs. the quality of results returned.
As you might expect, faster tools scan just the source code in a single repo (without looking in the open-source libraries and SDK used) and may detect easy-to-find vulnerabilities. In contrast, tools that give better results and can find more challenging vulnerabilities with fewer false positives require more time to complete their scans.