Ignore Findings

Ignore a Specific Finding

The SAST scanner allows you to ignore a vulnerability finding simply by placing an jfrog-ignore annotation directly in the code. Place the jfrog-ignore annotation as a comment above the sink line of the vulnerability (the final line in the data flow).

The following example shows how to ignore an unsafe-deserialization issue:

 => {
    res = set_cors(req, res)
    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private');
    payload = Buffer.from(req.body.data, "base64");
    var data = ;

Bottom line: Place the jfrog-ignore annotation above the finding's final line

Unignore Findings

To un-ignore a scan finding, simply remove the jfrog-ignore annotation from the finding's execution line and re-scan the project.

Last updated

© 2024 JFrog Ltd All Rights Reserved