# Global Allowed List and Local allowed list - Documentation

{% embed url="<https://youtu.be/8soqRPBf7tE>" %}

## Global Allowed List&#x20;

Global Allowed List helps you suppress those SAST rules that you don’t need. Using this Global Allowed list, you can remove false positives from all future scans related to that specific tech stack. Global allowed list can be turned on and off using SAST Rules, to use this feature follow below steps.

### Step 1: Login to your CloudDefense Instance and click on “Compliance”

<figure><img src="https://lh3.googleusercontent.com/5tF52cMP27DbTGRzQJeC5Gza4fSXgK6fvg1hH70mM8efnoW0vSusOPCaXXO7thnwsEFR6g9wb9b0A--pyISSTBYeLytg-0HIDqeT7iwzmj_WJBqg1TD8IW4xmL2lyfAceiEBxbWCwuLdSZKZl1gcfogB24GLddWc3xqQZHzYcNJjsFwLGXmLFUT3" alt=""><figcaption></figcaption></figure>

### Step 2: Click on SAST Rules option <br>

<figure><img src="https://lh4.googleusercontent.com/GVN07BNbyqU7wpd7IOFd6FnrVjgfSAM8KyWmpzH7p4cT0tkFmwzNR4W6klKQFy8xb7bak0J7gAjlyN_O4s_t4yLg99W4UK34WNgTywddTuPQTYKO8ggcqs1PdGUqOahckuu_0lOiSbdFz4CwExZkfS8ktoD4lbsKnza-8uudhmO5PAqHGLN4X-OF" alt=""><figcaption></figcaption></figure>

Here you can see a toggle button for each SAST rule related to “Java” (you can switch language from the dropdown above).

<figure><img src="https://lh5.googleusercontent.com/IxkkYL9vR5X9UpD5FHvh0rRAHTKbEM2e3HtavuaiUwcQFqMr4atF04VCIBt-vgGnA0wxyh-myLk2j2OR5k_tf4oaskpz3h-EJYtbJIGKGm6A7OLET75tqQDqLtxKwtmdu-Q3oC4gFk1QOCztjI-1gfp85OK9YmPr9msbthcqlnlpvGrHAShz4JuG" alt=""><figcaption></figcaption></figure>

Use these toggle buttons to remove any findings from any project related to this specific programming language. You can also change the default severity for this rule with your own custom severity, and CloudDefense will use that severity instead of the default one.

## Local Allowed List

Local Allowed List works like Global allowed list, there is only one small difference between global and local allowed list and that is from where these rules are applied or how this works. When you use a local allowed list, you make these changes only at the application level, so all changes will be reflected for that specific application, whereas a global allowed list affects all of your applications.

To use local allowed list follow below option

1. Login to your CloudDefense Instance&#x20;
2. Choose any scanned application

<figure><img src="https://lh6.googleusercontent.com/dRuJPlh32lA3WtB8EkEJLqHWEa8kAYchvC3WpFlwbNjl2nQjxmB9PHT6fxHA8f4kt_DocA6kAKre7sHjtGBeklHJgZI1s6k5Qfx132ihVBkaoiMD69aWyGjpOLAYlI1gnxw9LNeE7wlmBtGxFZ1F63Y87QEA2kfDvjf2wVUwGW08x_AhGHMbHWwo" alt=""><figcaption></figcaption></figure>

3\. Now expand this list and click on “Code Analysis”

<figure><img src="https://lh4.googleusercontent.com/A1a_H1TrEG9kvI4Mk4fm2pit6hVmS45O14lZBekkvcY97mxi8hWbL0BLv3FK1Bku4e5MUPDo_RYYSBzWyHJMY6lzJiB-FrBocC5OrSUJF7v9I5VjtutlTg8EHjbJP5Zedt-Iq5Mifzzc69yC9C4a0Ld7UqCiSecYI2oZa30GLUchM5TaLoNabImK" alt=""><figcaption></figcaption></figure>

4\. Now you can see reported findings like this, and you can also see a button “Add to allowed list”

<figure><img src="https://lh6.googleusercontent.com/d9q4kTuZqeYN5s7sRt0vYPZlfRrDvH7LrvmEbxbDRCSk6GGG-Y5TgflSZikUT88nrSlUBD0NXmxrMR46YYP7UJRj8fF-cVlOCDxBLBXu1buqWDwIvH5Di6dC3HrYN5oEpR8v12Own-S5BZ1m8jBorZeOCEgi6vZvVSH1z6XwBycFZ5b6OwWGbkRN" alt=""><figcaption></figcaption></figure>

5\. Click on “Add to allowed list”, and that specific issue will be removed from your scan results.&#x20;

6\. Now, what if you want to see those suppressed findings again? Simply toggle that “Allowed vulnerabilities” button on top.

<br>

<figure><img src="https://lh4.googleusercontent.com/XeQh5hWC0YjUFKdzOXn6_OMs30h-kYe9xKSdAaomHcQCYuC4Ec3f7rDAYXBne5WhBmztHWmZOqb_SaZ-kZ-jKBudtf_WghVIN1rshVVeBKLHrYWmQSVMZi4S6KCvL4Plnou457F06203yLCfoZS-ayXLMHsDsWD9foBs9K1YmN8p7jvRermdscQ_" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.clouddefenseai.com/features/global-allowed-list-and-local-allowed-list-documentation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.