# Code Configuration

## Overview

### Autofix

Control how Nullify drafts pull requests for code findings:

```yaml
code:
  auto_fix:
    enabled: true
    max_pull_requests_open: 2
    max_pull_request_creation_rate:
      count: 2
      days: 7
```

* `enabled` toggles automated fixes for supported languages (Go, Java, JavaScript/Node.js, Python).
* `max_pull_requests_open` limits simultaneous fix branches per repository.
* `max_pull_request_creation_rate` throttles how frequently new fixes are proposed.

### Ignore Findings

Allow-list specific rules or CWEs when a risk is accepted:

```yaml
code:
  ignore:
    - cwes: [589]
      reason: HTTP requests with variables in tests are acceptable
      paths: ["**/tests/*"]
      repositories:
        - config-file-parser
        - dast-action
        - cli
    - rule_ids: [python-sql-injection]
      reason: Deferred until Q4 rework
      expiry: "2024-12-31"
```

Inline suppressions are also supported. Reviewers can accept a finding inside a pull request by committing a Nullify ignore directive, which records the decision for audit and updates future assessments.

<figure><img src="/files/YTl7dnSziyYE5FhatVUh" alt=""><figcaption><p>Reviewer commits a Nullify ignore directive above the flagged code.</p></figcaption></figure>

<figure><img src="/files/6f7jiYgt2rf382lJUqnO" alt=""><figcaption><p>The directive suppresses the precise instance of the finding.</p></figcaption></figure>

<figure><img src="/files/uLctPaPFCLfSzwm3hC4o" alt=""><figcaption><p>Nullify summarises accepted risks in the pull request timeline.</p></figcaption></figure>

Accepted-risk events also flow through the [Nullify API](/api-reference/api-reference.md) so you can export them for compliance, metrics, or SIEM correlation.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nullify.ai/configuration/configuration-code.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.