Configuration - Code

Ignore Findings

To allowlist specific CWEs or Rule IDs, add them to the ignore list. The repositories list is only applicable in the global configuration file.

code:
  ignore:
    - cwes: [ 589 ] # Potential HTTP request made with variable url
      reason: HTTP requests with variables in tests don't matter
      paths: [ "**/tests/*" ]
      repositories:
        - config-file-parser
        - dast-action
        - cli
    - rule_ids: [ python-sql-injection ]
      reason: This code won't be going live until next year but we should fix it before then
      expiry: "2021-12-31"
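
To show how these fields combine, the following is an added example (not Nullify's own code) that evaluates a finding against a `code.ignore` list like the one above. It assumes an entry suppresses a finding only when every constraint it declares matches, that `expiry` is an inclusive ISO date, and the glob semantics noted in the code for patterns such as `**/tests/*`.

```python
"""Evaluate a Nullify-style `code.ignore` list against a single finding (added example)."""
from dataclasses import dataclass
from datetime import date
import re

# Constructed sample: the dict that yaml.safe_load would return for the page's snippet.
SAMPLE_CONFIG = {"code": {"ignore": [
    {"cwes": [589], "reason": "HTTP requests with variables in tests don't matter",
     "paths": ["**/tests/*"], "repositories": ["config-file-parser", "dast-action", "cli"]},
    {"rule_ids": ["python-sql-injection"], "reason": "Fix before go-live", "expiry": "2021-12-31"},
]}}


@dataclass(frozen=True)
class Finding:          # hypothetical finding shape, not Nullify's API
    repository: str
    path: str
    rule_id: str
    cwe: int


def _glob_to_regex(pattern: str) -> re.Pattern:
    """Assumed glob semantics: '**/' spans zero or more directories, '*' stays within one segment."""
    out, i = "^", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + "$")


def matching_rule(config: dict, finding: Finding, today: date, is_global: bool = True):
    """Return the first ignore entry that suppresses `finding`, or None if it should be reported."""
    for entry in config.get("code", {}).get("ignore", []):
        expiry = entry.get("expiry")
        if expiry and date.fromisoformat(expiry) < today:
            continue  # expired entries stop suppressing: the finding surfaces again
        if "cwes" in entry and finding.cwe not in entry["cwes"]:
            continue
        if "rule_ids" in entry and finding.rule_id not in entry["rule_ids"]:
            continue
        if "paths" in entry and not any(_glob_to_regex(p).match(finding.path) for p in entry["paths"]):
            continue
        # The repositories list only applies in the global configuration file.
        if is_global and "repositories" in entry and finding.repository not in entry["repositories"]:
            continue
        return entry
    return None
```

Every suppression should therefore be traceable to one entry with a `reason`, and an expired entry silently stops applying, which is the behaviour a dated exception is meant to have.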

Developers can insert in-line comments to accept instances of findings as false positives or accepted risks.

In the following example, the Nullify bot detects a potential vulnerability in a file changed in a pull request and comments on the lines where the issue is detected.

Accept-risk "events" will also be consumable from the Nullify API, either by querying endpoints or through a webhook URL/event stream.

Nullify's method of designating risks offers security teams:

  • The ability to accept risk with one click

  • Access control and audit log gated through the Pull Request (branch protection)

  • Pull Request summary comment for built-in historical log

  • API endpoint to consume whitelist events for reporting and metrics

© 2023 Nullify | All Rights Reserved.