A common topic of conversation we have with software developers is how to reliably and accurately scan code for vulnerabilities while minimizing the number of false positives. And when false positives do appear, how can they be excluded from the code assessment?
We’ve covered it before, but now is a perfect time to revisit Kiuwan’s “Defects Mute” feature. It’s a really easy way to remove all of those false positives from your code remediation report and this article is a quick refresher on how to use it.
How to Mute False Positives With Kiuwan
After you’ve scanned your code and identified a false positive in the defects list, removing it is easy at the rule, file, and even line-of-code levels.
You can set rules from the defects menu at the top of the page by selecting “Defects Mute.” A box will appear where you can drag and drop the defects to mute. You can also include a comment documenting the reason. You can also mute the defect by dragging and dropping the file into the box.
After muting and documenting the selected defects, click the recalculate and save button at the top of the page. Kiuwan will rescan without the muted defects and save that configuration.
Need to unmute a muted defect? Just click the trash can that appears next to it and recalculate.
You can see all of this in action in our tutorial video.
Kiuwan Is Built to Meet Your Needs
We hope this provides helpful insight into customizing your Kiuwan experience to meet your development team’s needs. Muting false positives is a straightforward way to ensure that Kiuwan is accurate, concise, and, most importantly, helpful to you.
And that’s our goal — to provide software development teams with accurate information they can use to make decisions about their projects.
According to OWASP (Open Web Application Security Project), we’re doing well! They evaluate the speed, coverage, and accuracy of automated software vulnerability detection tools and services. When assessing Kiuwan, we scored a 100% true positive rate (TPR) along with a false positive rate (FPR) of only 16%. Not bad.
Would you like to know more about implementing our secure application development solution? Get in touch with our Kiuwan team! We love to talk about security.
