How can I ignore a finding?
It is possible that something Boost found is not actually a problem. In this case, you may add a
noboost comment at the end of the line to tell the scanner to ignore it.
someLineFlaggedByBoost() // noboost
For languages like Python, Ruby, or Terraform, whose comments start with #, ignore a line with the same marker in a # comment:
someFlaggedLine() # noboost
You can also ignore only specific rules on a line by listing the rule names after noboost, separated by spaces; findings from any other rule on that line are still reported.
someLineFlaggedByBoost() // noboost rule1 rule2
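The suppression syntax above, worked through as an added Python example. This is an illustrative reimplementation of how a scanner could honour noboost comments and an audit helper built on it; it is not Boost's scanner code. The rule names rule1 and rule2 are the page's placeholders, and the sample source and findings below are constructed.

```python
"""Illustrative reimplementation of `noboost` suppression handling.
Added example, not Boost's own code."""
import re
from typing import FrozenSet, List, Optional, Tuple

# A suppression comment sits at the end of the line and is introduced by
# "//" (C-style languages) or "#" (Python, Ruby, Terraform). An optional
# whitespace-separated list of rule names narrows it to those rules.
_SUPPRESSION_RE = re.compile(
    r"(?://|#)\s*noboost(?P<rules>(?:[ \t]+[A-Za-z0-9_.\-]+)*)[ \t]*$"
)


def parse_suppression(line: str) -> Optional[FrozenSet[str]]:
    """None when the line has no noboost comment; otherwise the rule names
    it lists, where an empty set means 'suppress every rule on this line'."""
    match = _SUPPRESSION_RE.search(line)
    if match is None:
        return None
    return frozenset(match.group("rules").split())


def is_suppressed(line: str, rule: str) -> bool:
    """True if a finding for `rule` on this line should be ignored."""
    rules = parse_suppression(line)
    return rules is not None and (not rules or rule in rules)


Finding = Tuple[int, str]  # (1-based line number, rule name)


def apply_suppressions(
    source: str, findings: List[Finding]
) -> Tuple[List[Finding], List[Finding]]:
    """Split findings into (kept, suppressed) using the source's comments."""
    lines = source.splitlines()
    kept: List[Finding] = []
    suppressed: List[Finding] = []
    for lineno, rule in findings:
        line = lines[lineno - 1] if 0 < lineno <= len(lines) else ""
        (suppressed if is_suppressed(line, rule) else kept).append((lineno, rule))
    return kept, suppressed


def blanket_suppressions(source: str) -> List[int]:
    """Line numbers carrying a bare `noboost` with no rule list. These hide
    every current and future finding on that line, so they deserve review;
    a rule-scoped suppression is the narrower choice."""
    return [
        lineno
        for lineno, line in enumerate(source.splitlines(), start=1)
        if parse_suppression(line) == frozenset()
    ]


# Constructed sample source: rule1/rule2 are the page's placeholder names.
SAMPLE_SOURCE = """\
import subprocess
run_shell(cmd)  # noboost
cfg = load("a.yaml")  # noboost rule1 rule2
run(thing)  # noboost rule1
run(other)
"""
# Constructed findings the scanner would have raised: (line, rule).
SAMPLE_FINDINGS = [(2, "rule1"), (3, "rule2"), (4, "rule2"), (5, "rule1")]

if __name__ == "__main__":
    kept, suppressed = apply_suppressions(SAMPLE_SOURCE, SAMPLE_FINDINGS)
    print("kept:", kept)                 # [(4, 'rule2'), (5, 'rule1')]
    print("suppressed:", suppressed)     # [(2, 'rule1'), (3, 'rule2')]
    print("blanket noboost on lines:", blanket_suppressions(SAMPLE_SOURCE))  # [2]
```

The matcher only looks at the tail of the line, so a noboost token inside a string literal earlier on the line is not treated as a suppression; a marker at the very end inside a string would be, which is an accepted simplification here.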
How can I ignore multiple files or entire directories?
Boost supports ignoring entire files and directories by committing a .boostignore file to the root of the project. The format of the file is the same as a .gitignore file, for example:
ignore-one-file
a/**
a/b/**/c/**
Boost recommends starting from its published .boostignore file, which reduces common false positives across various languages and frameworks.
What if I want a different policy on each repository?
The repository-level policy feature is still under active development.
Boost supports repository-level policies by adding a sectool-config.json file to your repository. The contents of sectool-config.json follow the exact format of the org-level policy as shown in the code editor of the Policy page.
How do I make sure certain files are not deleted during a Diff-scan?
Boost optimizes tool runtime by scanning only modified files (where appropriate) on PR runs. To specify critical files that must not be dropped, a .boostinclude file can be committed to the root of the project. This file tells Boost which files to always retain when preparing the working directory for a diff-scan and has the same format as the .boostignore file. An example is provided below:
# Scripts used to run tools:
bin/**/*
# Configuration for tools:
config/**/*
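Because .boostignore and .boostinclude share the .gitignore format, the same dry-run check serves both sections above: before committing either file, it helps to see exactly which paths the patterns select, since an over-broad ignore pattern silently removes files from scanning and an incomplete include pattern drops a tool script from the diff-scan working directory. The following added Python example is an illustrative gitignore-style matcher, not Boost's implementation; it covers blank lines, # comments, *, ?, **, anchored (slash-containing) patterns, a trailing / for directory-only patterns and ! negation with last-match-wins, and is run over the two pattern files from this page against a constructed file listing.

```python
"""Added example: a small gitignore-style matcher for previewing what a
.boostignore or .boostinclude file selects. Illustrative only; it is not
Boost's own implementation and covers a common subset of gitignore syntax."""
import re
from typing import List, Tuple


def _glob_to_regex(pattern: str) -> str:
    """Translate one gitignore glob into a regex fragment."""
    out: List[str] = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if pattern.startswith("**/", i):      # zero or more directories
            out.append("(?:.*/)?")
            i += 3
        elif pattern.startswith("**", i):     # anything, slashes included
            out.append(".*")
            i += 2
        elif ch == "*":                        # anything except a slash
            out.append("[^/]*")
            i += 1
        elif ch == "?":                        # exactly one non-slash character
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return "".join(out)


class IgnoreRules:
    """Compiled rules from the text of a .boostignore or .boostinclude file."""

    def __init__(self, text: str) -> None:
        self._rules: List[Tuple["re.Pattern[str]", bool, bool]] = []
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            negate = line.startswith("!")
            if negate:
                line = line[1:]
            dir_only = line.endswith("/")
            line = line.strip("/")
            # A pattern containing a slash is anchored to the project root;
            # otherwise it matches a name at any depth.
            regex = _glob_to_regex(line)
            if "/" not in line:
                regex = "(?:.*/)?" + regex
            self._rules.append((re.compile(regex + "$"), negate, dir_only))

    def matches(self, path: str) -> bool:
        """True if the rules select this root-relative, slash-separated path.
        A rule that matches a parent directory selects everything beneath it;
        the last matching rule decides, so a later !pattern re-includes."""
        path = path.strip("/")
        parts = path.split("/")
        ancestors = ["/".join(parts[:i]) for i in range(1, len(parts))]
        selected = False
        for regex, negate, dir_only in self._rules:
            candidates = ancestors if dir_only else ancestors + [path]
            if any(regex.fullmatch(c) for c in candidates):
                selected = not negate
        return selected


def partition(paths: List[str], rules: IgnoreRules) -> Tuple[List[str], List[str]]:
    """Split paths into (selected, not_selected) for a quick dry run."""
    selected = [p for p in paths if rules.matches(p)]
    rest = [p for p in paths if not rules.matches(p)]
    return selected, rest


# Constructed inputs: the page's .boostignore and .boostinclude examples,
# applied to a made-up file listing.
BOOSTIGNORE_TEXT = """\
ignore-one-file
a/**
a/b/**/c/**
"""
BOOSTINCLUDE_TEXT = """\
# Scripts used to run tools:
bin/**/*
# Configuration for tools:
config/**/*
"""
SAMPLE_TREE = [
    "ignore-one-file",
    "src/ignore-one-file",
    "a/main.py",
    "ab/main.py",
    "bin/run-scanner.sh",
    "config/tools/settings.json",
    "src/bin/helper.sh",
]

if __name__ == "__main__":
    ignored, scanned = partition(SAMPLE_TREE, IgnoreRules(BOOSTIGNORE_TEXT))
    print("ignored:", ignored)
    print("scanned:", scanned)
    retained, _ = partition(SAMPLE_TREE, IgnoreRules(BOOSTINCLUDE_TEXT))
    print("always retained on diff-scan:", retained)
```

Note how ab/main.py is not ignored by a/** (the slash anchors the pattern and requires the directory named exactly a), and how src/bin/helper.sh is not retained by bin/**/* for the same reason; a bare name such as ignore-one-file, by contrast, matches at any depth. Git's full negation rules (a re-included file under an excluded parent directory stays excluded) are simplified here to last-match-wins.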
How can I prevent scanner failures from impacting my pipelines?
Boost Scanner may optionally be configured to ignore most exceptions and return a successful exit code in case of failure. To enable this, you may either pass the --ignore-failures command line option or set the