# Global Allowed List and Local allowed list - Documentation

{% embed url="<https://youtu.be/8soqRPBf7tE>" %}

## Global Allowed List&#x20;

Global Allowed List helps you suppress those SAST rules that you don’t need. Using this Global Allowed list, you can remove false positives from all future scans related to that specific tech stack. Global allowed list can be turned on and off using SAST Rules, to use this feature follow below steps.

### Step 1: Login to your CloudDefense Instance and click on “Compliance”

<figure><img src="https://lh3.googleusercontent.com/5tF52cMP27DbTGRzQJeC5Gza4fSXgK6fvg1hH70mM8efnoW0vSusOPCaXXO7thnwsEFR6g9wb9b0A--pyISSTBYeLytg-0HIDqeT7iwzmj_WJBqg1TD8IW4xmL2lyfAceiEBxbWCwuLdSZKZl1gcfogB24GLddWc3xqQZHzYcNJjsFwLGXmLFUT3" alt=""><figcaption></figcaption></figure>

### Step 2: Click on SAST Rules option <br>

<figure><img src="https://lh4.googleusercontent.com/GVN07BNbyqU7wpd7IOFd6FnrVjgfSAM8KyWmpzH7p4cT0tkFmwzNR4W6klKQFy8xb7bak0J7gAjlyN_O4s_t4yLg99W4UK34WNgTywddTuPQTYKO8ggcqs1PdGUqOahckuu_0lOiSbdFz4CwExZkfS8ktoD4lbsKnza-8uudhmO5PAqHGLN4X-OF" alt=""><figcaption></figcaption></figure>

Here you can see a toggle button for each SAST rule related to “Java” (you can switch language from the dropdown above).

<figure><img src="https://lh5.googleusercontent.com/IxkkYL9vR5X9UpD5FHvh0rRAHTKbEM2e3HtavuaiUwcQFqMr4atF04VCIBt-vgGnA0wxyh-myLk2j2OR5k_tf4oaskpz3h-EJYtbJIGKGm6A7OLET75tqQDqLtxKwtmdu-Q3oC4gFk1QOCztjI-1gfp85OK9YmPr9msbthcqlnlpvGrHAShz4JuG" alt=""><figcaption></figcaption></figure>

Use these toggle buttons to remove any findings from any project related to this specific programming language. You can also change the default severity for this rule with your own custom severity, and CloudDefense will use that severity instead of the default one.

## Local Allowed List

Local Allowed List works like Global allowed list, there is only one small difference between global and local allowed list and that is from where these rules are applied or how this works. When you use a local allowed list, you make these changes only at the application level, so all changes will be reflected for that specific application, whereas a global allowed list affects all of your applications.

To use local allowed list follow below option

1. Login to your CloudDefense Instance&#x20;
2. Choose any scanned application

<figure><img src="https://lh6.googleusercontent.com/dRuJPlh32lA3WtB8EkEJLqHWEa8kAYchvC3WpFlwbNjl2nQjxmB9PHT6fxHA8f4kt_DocA6kAKre7sHjtGBeklHJgZI1s6k5Qfx132ihVBkaoiMD69aWyGjpOLAYlI1gnxw9LNeE7wlmBtGxFZ1F63Y87QEA2kfDvjf2wVUwGW08x_AhGHMbHWwo" alt=""><figcaption></figcaption></figure>

3\. Now expand this list and click on “Code Analysis”

<figure><img src="https://lh4.googleusercontent.com/A1a_H1TrEG9kvI4Mk4fm2pit6hVmS45O14lZBekkvcY97mxi8hWbL0BLv3FK1Bku4e5MUPDo_RYYSBzWyHJMY6lzJiB-FrBocC5OrSUJF7v9I5VjtutlTg8EHjbJP5Zedt-Iq5Mifzzc69yC9C4a0Ld7UqCiSecYI2oZa30GLUchM5TaLoNabImK" alt=""><figcaption></figcaption></figure>

4\. Now you can see reported findings like this, and you can also see a button “Add to allowed list”

<figure><img src="https://lh6.googleusercontent.com/d9q4kTuZqeYN5s7sRt0vYPZlfRrDvH7LrvmEbxbDRCSk6GGG-Y5TgflSZikUT88nrSlUBD0NXmxrMR46YYP7UJRj8fF-cVlOCDxBLBXu1buqWDwIvH5Di6dC3HrYN5oEpR8v12Own-S5BZ1m8jBorZeOCEgi6vZvVSH1z6XwBycFZ5b6OwWGbkRN" alt=""><figcaption></figcaption></figure>

5\. Click on “Add to allowed list”, and that specific issue will be removed from your scan results.&#x20;

6\. Now, what if you want to see those suppressed findings again? Simply toggle that “Allowed vulnerabilities” button on top.

<br>

<figure><img src="https://lh4.googleusercontent.com/XeQh5hWC0YjUFKdzOXn6_OMs30h-kYe9xKSdAaomHcQCYuC4Ec3f7rDAYXBne5WhBmztHWmZOqb_SaZ-kZ-jKBudtf_WghVIN1rshVVeBKLHrYWmQSVMZi4S6KCvL4Plnou457F06203yLCfoZS-ayXLMHsDsWD9foBs9K1YmN8p7jvRermdscQ_" alt=""><figcaption></figcaption></figure>