Skip to main content
Skip table of contents

Hiding false positives, revoked credentials, etc.

Sometimes, Security for Jira will find false positives, credentials which have already been revoked, etc. If this happens, you can review the finding. This marks the finding—as well as any other findings which exactly match it—as reviewed in current and future scans.

Project administrators and Jira administrators can review findings from a project’s Security Analysis page. Reviewed findings are scoped to the project the finding is in.

Click the Mark reviewed button on the finding you want to review, which will open a confirmation dialog:

Marking a finding as reviewed saves the exact string captured by the rule (in this case, aws: N80MLFFfJ2nhNH2aAeld3OJYuF9qs6j4uHR+Y130). That exact string will be marked as reviewed for all existing and future scans in this project.

Screenshot 2024-10-16 at 11-29-08 Security Analysis - Jira.png

After the finding is marked as reviewed, all other findings of that exact string will disappear from the Security Analysis.

Reviewed findings can be shown again with the Show reviewed toggle, where they can also be unmarked:

Note that reviewed findings are scoped to a project. Identical findings across multiple projects must be reviewed separately.

Reviewing findings globally

Jira administrators can add reviewed false positives which apply across all projects in your Jira instance using a CSV upload workflow.

Findings which match any of the global false positives show up as “Globally Reviewed” on the Security Analysis pages, and cannot be reviewed in the project scope.

grf.png

Adding new global false positives

Navigate to the settings page. Then, click on the “Add Reviewed” button under “Globally Review Findings”:

reviewed.png

Clicking on this button will open a modal which allows you to download a template for adding global false positives, and select an existing file to upload.

Uploaded files should be CSVs with a single column titled “Match text”. Every row will be interpreted as a case-sensitive globally reviewed text to add.

You can copy over the “Match text” column in an export to create the upload file. However, note that some spreadsheet software—notably Microsoft Excel—rounds numbers and/or displays them in scientific notation by default. We recommend LibreOffice, Apple Numbers, or Google Sheets instead.

Deleting globally reviewed false positives

Navigate to the settings page. Then, click on the “Remove Reviewed” button under “Globally Review Findings”:

Clicking on this button will open a modal which allows you to download a template for removing globally reviewed false positives, and select an existing file to upload.

Uploaded files should be CSVs with a single column titled “Match text”. Every row will be interpreted as a case-sensitive globally reviewed text to remove.

You can un-review by copying the “Match text” from an export of globally reviewed findings. However, note that some spreadsheet software—notably Microsoft Excel—rounds numbers and/or displays them in scientific notation by default. We recommend LibreOffice, Apple Numbers, or Google Sheets instead.

Exporting globally reviewed false positives

Navigate to the settings page. Then, click on the “Export” button under “Globally Review Findings”:

export.png

Exports are in CSV format and include:

  • The exact text that is considered reviewed

  • Who reviewed it

  • When it was reviewed

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close