Frequently Asked Questions

How to ensure accurate and valid scan results?

In order for our scan engines to produce accurate and valid scan results, the projects imported should fulfill the following prerequisites:

  • Projects should contain smart contracts written in the Solidity language (.sol files)

  • Projects should be able to compile successfully

  • For mono-repos (repositories that contain multiple projects), you must specify the sub-directory of the specific project you want to scan for issues. This is configurable in the "Advanced Settings" section of the Start Scan dialog. For example, consider a repository that contains 3 sub-projects, each of which is a standalone, Hardhat-based web3 project. In that case, make sure the sub-path setting points to a specific sub-project directory when the scan is started.
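A local pre-flight check for the prerequisites above, added here as an example and not part of the scanner or its documentation: it lists each Hardhat sub-project in a mono-repo as a candidate sub-path and flags the ones with no Solidity sources. All function names and the sample layout are constructed for illustration, and treating a missing `package.json` as a dependency problem is an assumption.

```python
import os
import tempfile
from pathlib import Path

HARDHAT_CONFIGS = {"hardhat.config.js", "hardhat.config.ts", "hardhat.config.cjs"}
SKIP_DIRS = {"node_modules", ".git", "artifacts", "cache"}  # dependencies and build output
SAMPLE_FILES = (  # constructed sample: a mono-repo with three sub-projects
    "token/hardhat.config.js", "token/package.json", "token/contracts/Token.sol",
    "bridge/hardhat.config.ts", "bridge/package.json", "bridge/node_modules/lib/Lib.sol",
    "vault/hardhat.config.js", "vault/contracts/Vault.sol",
)

def walk_sources(root):
    """Yield every file under root, skipping dependency and build directories."""
    for current, dirs, files in os.walk(root):
        dirs[:] = sorted(d for d in dirs if d not in SKIP_DIRS)
        for name in files:
            yield Path(current) / name

def check_project(root):
    """Return the list of prerequisite problems found in one project directory."""
    problems = []
    if not any(p.suffix == ".sol" for p in walk_sources(root)):
        problems.append("no .sol files")
    # Assumption: a Hardhat project declares its dependencies in package.json.
    if not (root / "package.json").is_file():
        problems.append("no package.json")
    return problems

def find_scan_roots(repo):
    """Map each candidate sub-path (relative to repo) to its list of problems."""
    repo = Path(repo)
    return {
        p.parent.relative_to(repo).as_posix(): check_project(p.parent)
        for p in walk_sources(repo) if p.name in HARDHAT_CONFIGS
    }

def build_sample_repo(base):
    """Create the constructed sample layout as empty files under base."""
    for rel in SAMPLE_FILES:
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("")
    return Path(base)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for sub_path, problems in find_scan_roots(build_sample_repo(tmp)).items():
            print(sub_path, "->", "; ".join(problems) or "ok")
```

The check only confirms that sources and a dependency manifest are present; running `npx hardhat compile` inside the chosen sub-path covers the compilation prerequisite.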

What to do if the security scan fails?

There can be various reasons that prevent the scan engines from delivering the final scan results. The most common problems are:

  1. Invalid project

  2. Missing project dependencies

  3. Unsuccessful compilation of the project

What smart contract / web3 frameworks are currently supported?

What smart contract formats / languages are currently supported?
