OWASP/glue

Ignoring results

omerlh opened this issue · 1 comments

I want to be able to mark results as irrelevant, mainly for false positives. Also, the ability to postpone results would be nice. I am thinking about something like the Snyk interactive CLI that iterates over the results and lets you decide what to do about them.
I am thinking of implementing this using a file or DB, but I am open to ideas about that.

Interesting thoughts. In practice, I have generally done this with the JIRA reporter so that issues get reported to JIRA (only once because of the jira filter) and then I track resolution there.

I worked with one company that built a UI for Glue and tracked the false positives / ignores in tables supporting that application (codeburner).

We have talked about having a false positives or ignore db ... including with the brakeman authors and it turns out that problem is significantly harder than we might initially think.

I'm definitely open to talking more about it. It would definitely be a valuable feature.