Vulnerable components that are not running in production are not a priority. DAST attacks the application from the “outside in” by attacking an application like a malicious user would. Dealing with false positives is a big issue in application security…