docs: Clarify that SAST FP Detection only runs on default branch
What does this merge request do and why?
This MR clarifies that SAST false positive detection only runs on the default branch, not on feature branches or other non-default branches. This is an important limitation that should be clearly documented to prevent user confusion.
Changes
Updated Files:
- doc/user/application_security/vulnerabilities/false_positive_detection.md:
  - Added note in introduction: "SAST false positive detection only runs on the default branch"
  - Updated "Automatic detection" section to explicitly state "on the default branch"
- doc/user/duo_agent_platform/flows/foundational_flows/sast_false_positive_detection.md:
  - Added note in overview: "SAST false positive detection only runs on the default branch"
  - Updated "Running SAST false positive detection" section to explicitly state "on the default branch"
Why This Change?
Users may assume that SAST false positive detection runs on all branches where SAST scans occur. This documentation update makes it explicit that the feature only operates on the default branch, preventing confusion and setting proper expectations.
Related Issues
- Relates to the SAST False Positive Detection feature documentation (MR !215867 (merged))