Reshift is a static code analysis tool that operates on both the source code and the binaries. Reshift primarily needs continuous access to the source code for the following reasons:
To display accurate diagnostic information to the user as they triage a vulnerability, such as line numbers for the vulnerabilities found, Git blame and branch information.
To be able to integrate the security issues found into the pull request workflow.
If you have any more questions, please email us at [email protected]!