Closed ahrav closed 3 months ago
Wouldn't it make sense for filtered_unverified to do this rather than logging?
Right now, it's inconsistent behavior compared to the rest of the --results options.
> Wouldn't it make sense for filtered_unverified to do this rather than logging?
I’ll defer to @rosecodym for the specifics about logging false positives. My understanding is that this change aims to make the engine more ergonomic for the enterprise product, and there might be different use cases involved. Cody has extensive experience with the false positive logic, so I’ll wait for his input.
I think that @rgmz is noting inconsistent implementation of filtered_unverified, not the new thing you're adding. But maybe I'm misunderstanding!
It's both. filtered_unverified is inconsistent
Decided to use filter_unverified to handle this case.
Description:
This PR introduces a new configuration option to retain false positives during the detection process. By default, the detection engine filters out false positives, but this option allows users to retain them when necessary.
Checklist:
make test-community
make lint (this requires golangci-lint)