Scanning many lines of code with SAST tools may result in hundreds or thousands of vulnerability warnings for a single application. It generates many false-positives, increasing investigation time and reducing trust in such tools. This is particularly the case when the context of the vulnerability cannot be caught by the tool<ref name="ReferenceA"/>
Security notifications produced by static analysis tools may not also be useful to developers. A simple one sentence description that says: there is a security issue in line X, may be as useful as a full page notification produced by a static analysis tool. Empirical data shows that the presentation of such information can impact how developers make use of these tools.<ref>{{cite journal |last1=Tahaei |first1=Mohammad |last2=Vaniea |first2=Kami |last3=Beznosov |first3=Konstantin |last4=Wolters |first4=Maria |title=Security Notifications in Static Analysis Tools: Developers' Attitudes, Comprehension, and Ability to Act on Them |journal=Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems |date=2021 |doi=10.1145/3411764.3445616 |url=https://mohammad.tahaei.com/publication/chi-2021-security-notifications/ |access-date=25 October 2022}}</ref>
