What we were trying to learn

What are developer expectation from a code security scanner results dashboard?

We wanted to learn:

• Which code scanning tools are currently used by our developers?
• Has anyone on the team evaluated or used FortiDevSec for code scanning, alongside the existing tools?
• How does the development team currently handle and manage vulnerability-related issues identified during code scanning?
• Are there any specific challenges the developers face in dealing with vulnerabilities found by code scanning tools?
• If we developed a dashboard to track, prioritize, and manage vulnerability-related issues, what elements would be most helpful for the developers?

Our assumptions:

• We believe developers likely utilize various code-scanning tools to address different security needs.
• Developers would potentially benefit from a personal dashboard to track and manage their pending and current vulnerability-related issues.