I have 2 rules that I feel are producing incorrect detections. The logic, in particular, is around CRUD and FLS permissions and SOQL/SOSL injection risks for dynamic queries. In both cases, I have helper classes that do the work of ensuring that the CRUD, FLS, and SOQL/SOSL is handled appropriately.
I am curious as to what the rule is looking for specifically so that I can better understand why it isn’t recognizing the effort in my code to protect against these vulnerabilities.
In general, though, I think it would be beneficial to see, or at least have some documentation on, what a given rule sees as the best practices it is testing for.
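For comparison, here is an added Apex example (not code from the post, and not tied to any particular analyzer rule) showing the CRUD/FLS and dynamic-query handling written inline in the method body rather than behind a helper class. The class name, field list and the assumption that a static analyzer only recognizes checks it can see directly in the method are all illustrative.

```apex
// Added illustration (not from the original post): an explicit, inline
// CRUD/FLS check and a bind-variable dynamic query of the kind a static
// analyzer can see directly, rather than behind a helper class.
// Assumption: the analyzer inspects this method body for these patterns.
public with sharing class ContactLookup {

    // Returns contacts whose LastName matches, or an empty list if the
    // running user lacks object-level or field-level read access.
    public static List<Contact> findByLastName(String lastName) {
        // Object-level (CRUD) read check, inline.
        if (!Schema.sObjectType.Contact.isAccessible()) {
            return new List<Contact>();
        }
        // Field-level (FLS) read check for every field the query selects.
        if (!Schema.sObjectType.Contact.fields.LastName.isAccessible()
            || !Schema.sObjectType.Contact.fields.Email.isAccessible()) {
            return new List<Contact>();
        }
        // Dynamic SOQL with a bind variable: the caller-supplied value is
        // referenced as :lastName, never concatenated into the query text,
        // so there is no string to escape.
        String soql = 'SELECT Id, LastName, Email FROM Contact WHERE LastName = :lastName';
        return Database.query(soql);
    }
}
```

The point of the example is the visibility of the checks: the object and field describe calls and the bind variable sit in the same method as the query, so a reviewer (human or tool) does not have to follow a call into a helper class to confirm that access was verified and that no untrusted text was spliced into the SOQL string.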