How to Turn False Positives Off

August 25, 2022

WRITTEN BY THE KIUWAN TEAM
Experienced developers, cyber-security experts, ALM consultants, DevOps gurus and some other dangerous species.

A common topic of conversation we have with software developers is how to reliably and accurately scan code for vulnerabilities while minimizing the number of false positives. And when false positives do appear, how can they be excluded from the code assessment?

We’ve covered it before, but now is a perfect time to revisit Kiuwan’s “Defects Mute” feature. It’s a really easy way to remove all of those false positives from your code remediation report, and this article is a quick refresher on how to use it.

How to Mute False Positives With Kiuwan

After you’ve scanned your code and identified a false positive in the defects list, removing it is easy at the rule, file, and even line-of-code levels.

You can set rules from the defects menu at the top of the page by selecting “Defects Mute.” A box will appear where you can drag and drop the defects to mute, along with a comment documenting the reason. You can also mute a defect by dragging and dropping the file into the box.

After muting and documenting the selected defects, click the recalculate and save button at the top of the page. Kiuwan will rescan without the muted defects and save that configuration.

Need to unmute a muted defect? Just click the trash can that appears next to it and recalculate.

You can see all of this in action in our tutorial video.

Kiuwan Is Built to Meet Your Needs

We hope this provides helpful insight into customizing your Kiuwan experience to meet your development team’s needs. Muting false positives is a straightforward way to ensure that Kiuwan is accurate, concise, and, most importantly, helpful to you.

And that’s our goal — to provide software development teams with accurate information they can use to make decisions about their projects. 

According to OWASP (Open Web Application Security Project), we’re doing well! They evaluate the speed, coverage, and accuracy of automated software vulnerability detection tools and services. When Kiuwan was assessed, we scored a 100% true positive rate (TPR) along with a false positive rate (FPR) of only 16%. Not bad.

Would you like to know more about implementing our secure application development solution? Get in touch with our Kiuwan team! We love to talk about security.
