Global Allowed List and Local Allowed List

Global Allowed List

The Global Allowed List lets you suppress SAST rules that you do not need. Using it, you remove false positives for a specific tech stack from all future scans. Rules are turned on and off on the SAST Rules page; to use this feature, follow the steps below.

Step 1: Log in to your CloudDefense instance and click “Compliance”.

Step 2: Click the “SAST Rules” option.

Here you can see a toggle button for each SAST rule for the selected language (“Java” by default; you can switch the language using the dropdown above).
Use these toggles to remove findings for a rule from every project written in that programming language. You can also replace a rule’s default severity with your own custom severity, and CloudDefense will use that severity instead of the default one.

Local Allowed List

The Local Allowed List works like the Global Allowed List; the only difference is where the suppressions are applied. With a local allowed list, you make the changes at the application level, so they affect only that specific application, whereas a global allowed list affects all of your applications.
To use the local allowed list, follow the steps below:
  1. Log in to your CloudDefense instance.
  2. Choose any scanned application.
  3. Expand the list and click “Code Analysis”.
  4. The reported findings are shown, each with an “Add to allowed list” button.
  5. Click “Add to allowed list”, and that specific issue is removed from your scan results.
  6. If you want to see the suppressed findings again, toggle the “Allowed vulnerabilities” button at the top.