Ignore Advanced Security Violations
Ignore rules let you whitelist specific security violations so that they are filtered out as unwanted noise. For example, you might be running Advanced Scans on a testing repository and not want these violations to hinder your testing, or you might have configured strict actions that block development whenever a violation is found, and want to ignore the specific violation for the time being.
Ignore rules suppress specific violations so they are not shown in future scans. You can ignore by category, scanner, file path, or individual finding, and define the scope by artifact, build, release bundle, or watch.
There are many reasons why you might want to ignore a violation; you can read more about them under Ignore Rules.
You can create an ignore rule for an Exposures violation using the following REST API:
Ignoring Secrets Violations
| Ignore Rule | Description |
|---|---|
| Based on the Exposure | |
| Exposure Scanner | Ignores all violations for the specific scanner. Note that if this is selected, all Exposures violations related to this scanner are ignored. |
| For any Exposure of the following categories | Ignores all violations of the selected Exposures categories. If all categories are selected, no Exposures violations are created for the scope specified in the ignore rule. |
| Based on file path | |
| Specific File path | The rule is applied to the specific path within the specified artifact scope. |
| For any file | The rule is applied to any file path within the specified artifact scope. |
| Based on Artifact | |
| Artifact name selected, current version | The rule is applied to the specific artifact for that specific version of the Docker image. |
| Artifact name selected, any version | The rule is applied to the specific artifact for all versions of the Docker image. |
| For any Artifact | The rule is applied to all artifacts that contain that violation in the Docker image. |
You can ignore a Secrets violation by creating a Secrets Ignore Rule, which defines the exact conditions under which a secret should be suppressed in future scans. Use this when a secret is a false positive, non-actionable, or intentionally present in a specific location or artifact.
- Navigate to Scans List and open the Secrets Violation you want to ignore.
- Click Ignore Violation to open the Secrets Ignore Rule dialog.
- Select what to ignore under Ignore violation of:
  - Specific secret – Ignore this exact secret value
  - Specific scanner – Ignore all violations detected by a specific secret-detection rule
  - All Secrets violations – Ignore all secret findings
- Define the Location scope:
  - In this specific file – Ignore the secret only when found in the selected file
  - All files – Apply the ignore rule across any file
- Define the Artifact, Build, or Release Bundle (V2) scope:
  - Artifact:
    - In this specific version
    - All versions of the selected Artifact
    - All Artifacts – Ignore across all Artifacts
  - Build:
    - In this specific version
    - All versions of the selected Build
    - All Builds
  - Release Bundle (V2):
    - In this specific version
    - All versions of the selected Release Bundle
    - All Release Bundle V2s
- Define the Watch scope under Issued using Watches:
  - In selected Watches – Only suppress violations generated through specific Watches
  - All Watches – Apply the rule regardless of which Watch triggered the violation
- Add a Rule Description.
- (Optional) Set an expiration date.
- Click Create to save the ignore rule.
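To make the scoping semantics of the dialog concrete, the following added example (not JFrog's code, and not its API schema; all class and field names are assumptions) models a Secrets Ignore Rule locally and evaluates which findings it would suppress. It covers the secret/scanner/all target, the file and artifact-version scopes, the Watch scope and the expiration date; the Build and Release Bundle scopes are omitted for brevity.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed model mirroring the Secrets Ignore Rule dialog above (not JFrog's schema).
@dataclass
class Finding:
    secret_id: str    # fingerprint of the detected secret (never the raw value)
    scanner: str      # secret-detection rule that produced the finding
    file_path: str
    artifact: str
    version: str
    watch: str        # Watch that issued the violation

@dataclass
class IgnoreRule:
    target: str                          # "secret", "scanner" or "all"
    secret_id: Optional[str] = None      # used when target == "secret"
    scanner: Optional[str] = None        # used when target == "scanner"
    file_path: Optional[str] = None      # None means "All files"
    artifact: Optional[str] = None       # None means "All Artifacts"
    version: Optional[str] = None        # None means "All versions of" the artifact
    watches: Optional[frozenset] = None  # None means "All Watches"
    expires_at: Optional[str] = None     # ISO date "YYYY-MM-DD"; None never expires
    description: str = ""

    def matches(self, f: Finding, today: str) -> bool:
        """True when this rule suppresses the finding on the given ISO date."""
        if self.expires_at is not None and date.fromisoformat(today) > date.fromisoformat(self.expires_at):
            return False  # an expired rule suppresses nothing
        if self.target == "secret" and f.secret_id != self.secret_id:
            return False
        if self.target == "scanner" and f.scanner != self.scanner:
            return False
        # Every narrowing scope that is set must match; None widens to "all".
        for mine, theirs in ((self.file_path, f.file_path), (self.artifact, f.artifact),
                             (self.version, f.version)):
            if mine is not None and mine != theirs:
                return False
        return self.watches is None or f.watch in self.watches

def apply_ignore_rules(findings, rules, today):
    """Split findings into (reported, suppressed); suppressed pairs carry the rule's description."""
    reported, suppressed = [], []
    for f in findings:
        rule = next((r for r in rules if r.matches(f, today)), None)
        if rule is None: reported.append(f)
        else: suppressed.append((f, rule.description))
    return reported, suppressed
```

Auditing the suppressed list (with the rule description next to each finding) is a quick way to check that an ignore rule is not wider than the noise it was meant to silence.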
