search
Ctrlk
Book a demo

Defining Exclusions

Exclusions are defined contextually, when a user explicitly excludes an issue while investigating findings elsewhere in the platform. Any user with permissions to manage issues or policies can define exclusions.

The exclusions are applied to future and existing scans and affect issue visibility accordingly.

hashtag
What can be excluded

The exclusions are always created from an existing finding and are limited to the type and context of that finding. You cannot create free-form or global exclusions.

The following issue types can be excluded:

  • Code and application issues, such as static code findings or issues tied to specific files or code locations.

  • Secrets detected in code.

  • Cloud and infrastructure misconfigurations, scoped to specific resources, rule identifiers, or cloud accounts.

hashtag
Define an exclusion

  1. Go to Active Issues.

  2. Select the issue you want to exclude and

  • Click the three dots on the right and select Exclude, Or

  • Open Issue Details and in the bottom right corner, select Exclude.

Option
Description
Scope
Impact

Exclude this issue only

Excludes only the selected issue. If the issue includes multiple aggregations, the exclusion can apply to selected aggregations only. The issue may still appear if other aggregations remain active.

Single issue (or selected aggregations within it)

Minimal impact. Other issues or aggregations from the same rule remain visible.

Exclude the detection rule in this application

Excludes all issues generated by the same detection rule within the current application.

Application level

Removes all related issues for this rule in the selected application.

Exclude the detection rule in all applications

Excludes all issues generated by the same detection rule across all applications.

Organization level (global)

Broadest rule-based impact. Removes all related issues for this rule across the entire organization.

Exclude this secret in all applications

Excludes the specific secret value wherever it appears, regardless of which detection rule produced the finding. Available for Secret findings only.

Secret value, organization level (global)

Removes all occurrences of this specific secret across the entire organization. Other secrets detected by the same rule remain visible.

  1. In the bottom right corner, select Exclude.

  1. Review the exclusion scope and matching criteria.

Note: In some categories, the issue name and the rule name are identical, which can make the difference between Exclude This Issue Only and Exclude Detection Rule less obvious in the UI. The exclusion scope (issue vs. rule, single app vs. all apps) is always shown in the exclusion dialog before you confirm.

  1. Choose whether the exclusion is permanent or time-bound.

  2. Optionally, add a comment explaining the reason for the exclusion.

  3. Select EXCLUDE ISSUE.

The exclusion is applied immediately and will be reflected in future scans. You can review and manage all defined exclusions from the Exclusions page.

Last updated