
Sonar's Scoring on the Top 3 Python SAST Benchmarks

What's this blog post about?

In this blog series on SAST benchmarks, Sonar has shared its performance scores for Java, C#, and Python. The company's approach involves selecting three projects from GitHub related to SAST benchmarks for each language. Sonar considers a good SAST solution to be one with a True Positive Rate (TPR) of 90% and a False Discovery Rate lower than 10%. The results show promising outcomes, with TPR scores close to the target for all three languages: Java at 93%, C# at 90%, and Python at 92%. Sonar is committed to continually improving its SAST engine and providing precise and actionable results. By sharing these metrics and ground truths, the company aims to promote transparency and help businesses make informed decisions about their SAST solutions.

Company
Sonar

Date published
Dec. 28, 2023

Author(s)
Alexandre Gigleux

Word count
442

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.