I would say that recall is the most important metric here though. I'd want it to catch all the issues.
False positives are easy to ignore.
What, no they're not. You still need to analyze them to understand they are false positives. It's time wasted
Agree, it's something that will eventually teach your developers to ignore points raised as it's mostly garbage.
Finding problems is optimizing for the customer. Avoiding false positives is optimizing for the developer. Which is right depends on your org's culture.
loading story #48409392