Hiding false positives, revoked credentials, etc.
Sometimes, Security for Jira will find false positives, credentials which have already been revoked, etc. If this happens, you can review the finding. This marks the finding, as well as any other findings which exactly match it, as reviewed in the current and future scans.
Security for Jira has two ways to do this:
Project administrators (and users with project read permissions who have been granted explicit app access) can review findings from the Security Analysis page. Findings reviewed this way are scoped to the project the finding is in.
Jira administrators and anyone granted explicit access can review findings globally, on the Soteri Security Settings page.
On the Soteri Dashboard, reviewed false positives are not counted towards the total finding count per project.
Reviewing in the scope of a Project
Users with project administrator permissions can review findings for a particular project.
Reviewing a finding from the Security Analysis page
Marking and unmarking findings reviewed is an audited event.
Click the Mark reviewed button on the finding you want to review. This opens a confirmation window.
Marking a finding as reviewed saves the exact string captured by the rule (in this case, AKIAIO5FODNN7EXAMPLE). That exact string will be marked as reviewed for all existing and future scans.
After the finding is marked as reviewed, all other findings of that exact string will disappear from the Security Analysis.
Reviewed findings can be shown again with the Show reviewed toggle, where they can also be unmarked.
Note that reviewed findings are scoped to a project. Identical findings across multiple projects must be reviewed separately.
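A small model of the matching rules described above, added here as an illustration (not code from Security for Jira or Soteri): reviewed text matches only the exact, case-sensitive string, a project-scoped review applies only inside its own project, and a global review applies everywhere. The project keys and the second reviewed string are constructed sample values.

```python
from typing import Dict, Optional, Set

# Constructed sample data (not from the page): the first string is the page's own
# example key; the project keys and the globally reviewed text are made up.
PROJECT_REVIEWS: Dict[str, Set[str]] = {
    "PROJ": {"AKIAIO5FODNN7EXAMPLE"},
}
GLOBAL_REVIEWS: Set[str] = {"EXAMPLE-GLOBALLY-REVIEWED-TEXT"}


def review_status(match_text: str, project_key: str,
                  project_reviews: Dict[str, Set[str]] = PROJECT_REVIEWS,
                  global_reviews: Set[str] = GLOBAL_REVIEWS) -> Optional[str]:
    """Return how a finding's captured text would be labelled, or None if it
    would be shown as an ordinary finding.

    Model of the documented behaviour: comparison is on the exact string (no
    case folding, no trimming), a global review wins over a project review, and
    a project review never carries over to another project.
    """
    if match_text in global_reviews:
        return "Globally Reviewed"
    if match_text in project_reviews.get(project_key, set()):
        return "Reviewed"
    return None


def unreviewed_findings(findings, project_key: str):
    """Filter a list of (finding_id, match_text) pairs down to the ones that
    would still appear with the 'Show reviewed' toggle off."""
    return [(fid, text) for fid, text in findings
            if review_status(text, project_key) is None]
```

The filter shows the page's point that identical strings in two projects have to be reviewed twice: the same key that is hidden in PROJ is still listed in any other project.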
Exporting reviewed false positives
Information about text which is marked reviewed, such as who reviewed it and when, may be exported from the Security Analysis by clicking “Export Project” and then “Reviewed False Positives”.
Note that reviewed false positives are stored independently of any findings. In other words, after clicking “Mark Reviewed” on a finding, that text persists and marks all future matching results as reviewed, even if the original finding is deleted.
You can also export reviewed false positives in all your projects from the Soteri Dashboard.
For more details about exporting findings, see Exporting Findings.
Reviewing findings globally
Jira administrators, or anyone granted explicit access (see Granting Access to Additional Users and Groups), can add reviewed false positives which apply across all projects in your Jira instance using a CSV upload workflow.
Findings which match any of the global false positives show up as “Globally Reviewed” on the Security Analysis pages, and cannot be reviewed in the project scope.
Adding new global false positives
Navigate to the settings page. Then, click on the “Add Reviewed” button under “Globally Review Findings”:
Clicking on this button will open a modal which allows you to download a template for adding global false positives, and select an existing file to upload.
Uploaded files should be CSVs with a single column titled “Match text”. Every row will be interpreted as a case-sensitive globally reviewed text to add.
You can copy the “Match text” column from an export to create the upload file.
An audit log event is generated when globally reviewed false positives are added. See Viewing Audited Events for more information.
Deleting globally reviewed false positives
Navigate to the settings page. Then, click on the “Remove Reviewed” button under “Globally Review Findings”:
Clicking on this button will open a modal which allows you to download a template for removing globally reviewed false positives, and select an existing file to upload.
Uploaded files should be CSVs with a single column titled “Match text”. Every row will be interpreted as a case-sensitive globally reviewed text to remove.
You can un-review findings by copying the “Match text” column from an export of globally reviewed findings into the upload file.
An audit log event is generated when globally reviewed false positives are removed. See Viewing Audited Events for more information.
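The add and remove workflows above both take the same upload file: a CSV with a single column titled “Match text”, one case-sensitive string per row. The following is an added example (not Soteri's own tooling) that builds such a file from an export and checks a file before uploading it. The export's “Match text” column is the one the page documents; the other column names in the constructed sample export are assumptions.

```python
import csv
import io
from typing import List

# Constructed sample export (not a real Security for Jira export). "Match text"
# is the documented column; "Reviewed by" and "Reviewed at" are assumed names.
SAMPLE_EXPORT = """Match text,Reviewed by,Reviewed at
AKIAIO5FODNN7EXAMPLE,alice,2024-01-02T10:00:00Z
"AKIAIO5FODNN7EXAMPLE, with a comma",bob,2024-01-03T11:00:00Z
akiaio5fodnn7example,carol,2024-01-04T12:00:00Z
AKIAIO5FODNN7EXAMPLE,dave,2024-01-05T13:00:00Z
"""


def match_texts_from_export(export_csv: str) -> List[str]:
    """Pull the distinct "Match text" values out of an export, in order.

    Deduplication is exact and case-sensitive, mirroring how reviewed text is
    matched, so differently-cased strings are kept as separate rows.
    """
    reader = csv.DictReader(io.StringIO(export_csv))
    if reader.fieldnames is None or "Match text" not in reader.fieldnames:
        raise ValueError('export has no "Match text" column')
    seen = set()
    texts = []
    for row in reader:
        text = row["Match text"]
        if text == "" or text in seen:
            continue
        seen.add(text)
        texts.append(text)
    return texts


def build_upload_csv(match_texts: List[str]) -> str:
    """Write the single-column upload file. csv.writer quotes any value that
    contains the delimiter, so strings with commas survive a round trip."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["Match text"])
    for text in match_texts:
        writer.writerow([text])
    return buf.getvalue()


def validate_upload_csv(upload_csv: str) -> List[str]:
    """Check a file before uploading it: exactly one column, titled
    "Match text", and no row with extra columns. Returns the rows."""
    reader = csv.reader(io.StringIO(upload_csv))
    header = next(reader, None)
    if header != ["Match text"]:
        raise ValueError(f"header must be exactly ['Match text'], got {header!r}")
    rows = []
    for lineno, row in enumerate(reader, start=2):
        if len(row) != 1:
            raise ValueError(f"line {lineno}: expected one column, got {len(row)}")
        rows.append(row[0])
    return rows


if __name__ == "__main__":
    texts = match_texts_from_export(SAMPLE_EXPORT)
    upload = build_upload_csv(texts)
    validate_upload_csv(upload)
    print(upload, end="")
```

Running the validator on the file you are about to upload catches the common mistake of pasting the whole export (several columns) instead of just the “Match text” column.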
Exporting globally reviewed false positives
Navigate to the settings page. Then, click on the “Export” button under “Globally Review Findings”:
Exports are in CSV format and include:
The exact text that is considered reviewed
Who reviewed it
When it was reviewed
Globally reviewed false positives can also be exported via REST API.