Ignore Findings

Ignore a Specific Finding

The SAST scanner allows you to ignore a vulnerability finding simply by placing a jfrog-ignore annotation directly in the code. Place the jfrog-ignore annotation as a comment on the line immediately above the 'sink' line of the vulnerability (the final line in the data flow, where the tainted data is actually used).
The following example shows how to ignore an unsafe-deserialization issue:
```javascript
// Excerpt of a request handler; the scanner traces req.body.data (the source)
// down to the unserialize() call (the sink).
export: (req, res) => {
    res = set_cors(req, res);
    res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private');
    payload = Buffer.from(req.body.data, "base64");
    // jfrog-ignore   <- annotation goes directly above the sink line
    var data = serialize.unserialize(payload.toString());
```
Bottom line: Place the jfrog-ignore annotation on the line directly above the finding's final (sink) line.
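Because every jfrog-ignore annotation silences a finding, a reviewer will usually want an inventory of them. The following script is an added example (not part of this page or of JFrog's tooling) that lists each jfrog-ignore annotation in a file together with the sink line it covers, and flags annotations that are not followed by any code line; it assumes the annotation applies to the next non-blank, non-comment line below it, and the sample source is constructed.

```javascript
// Matches a jfrog-ignore annotation written as a //, # or /* comment.
const IGNORE_RE = /^\s*(\/\/|#|\/\*)\s*jfrog-ignore\b/;
// Lines that are blank or comment-only do not count as the covered sink.
const COMMENT_RE = /^\s*(\/\/|#|\*|\/\*)/;

// Returns one record per annotation: its line number, the line number and
// text of the code line it covers, or sinkLine === null when none follows.
function findIgnores(source) {
  const lines = source.split(/\r?\n/);
  const results = [];
  for (let i = 0; i < lines.length; i++) {
    if (!IGNORE_RE.test(lines[i])) continue;
    // Walk down to the first real code line below the annotation.
    let j = i + 1;
    while (j < lines.length &&
           (lines[j].trim() === '' || COMMENT_RE.test(lines[j]))) {
      j++;
    }
    const found = j < lines.length;
    results.push({
      annotationLine: i + 1,
      sinkLine: found ? j + 1 : null,
      sink: found ? lines[j].trim() : null,
    });
  }
  return results;
}

// Constructed sample modelled on the unsafe-deserialization example above;
// the trailing annotation is deliberately dangling (no code line below it).
const SAMPLE = `export: (req, res) => {
  res = set_cors(req, res);
  payload = Buffer.from(req.body.data, "base64");
  // jfrog-ignore
  var data = serialize.unserialize(payload.toString());
}
// jfrog-ignore`;

for (const r of findIgnores(SAMPLE)) {
  if (r.sinkLine === null) {
    console.log(`line ${r.annotationLine}: jfrog-ignore covers no code line`);
  } else {
    console.log(`line ${r.annotationLine} suppresses line ${r.sinkLine}: ${r.sink}`);
  }
}
```

Run it against real sources (e.g. by reading the file with fs.readFileSync) to produce a suppression list that can be reviewed alongside the scan report.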

Unignore Findings

To un-ignore a scan finding, simply remove the jfrog-ignore annotation from above the finding's sink line and re-scan the project.
© 2023 JFrog Ltd All Rights Reserved