# Defining Exclusions

Exclusions are defined contextually, when a user explicitly excludes an issue while investigating findings elsewhere in the platform. Any user with permissions to manage issues or policies can define exclusions.

The exclusions are applied to future and existing scans and affect issue visibility accordingly.

## What can be excluded

The exclusions are always created from an existing finding and are limited to the type and context of that finding. You cannot create free-form or global exclusions.

The following issue types can be excluded:

* Code and application issues, such as static code findings or issues tied to specific files or code locations.
* Secrets detected in code.
* Cloud and infrastructure misconfigurations, scoped to specific resources, rule identifiers, or cloud accounts.

## Define an exclusion

1. Go to **Active Issues**.
2. Select the issue you want to exclude and

* Click the three dots on the right and select **Exclude**, Or
* Open **Issue Details** and in the bottom right corner, select **Exclude**.

<figure><img src="/files/YG5xhcycPQ3i4RNgUtCR" alt="" width="264"><figcaption></figcaption></figure>

| Option                                         | Description                                                                                                                                                                                           | Scope                                             | Impact                                                                                                                                  |
| ---------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| Exclude this issue only                        | Excludes only the selected issue. If the issue includes multiple aggregations, the exclusion can apply to selected aggregations only. The issue may still appear if other aggregations remain active. | Single issue (or selected aggregations within it) | Minimal impact. Other issues or aggregations from the same rule remain visible.                                                         |
| Exclude the detection rule in this application | Excludes all issues generated by the same detection rule within the current application.                                                                                                              | Application level                                 | Removes all related issues for this rule in the selected application.                                                                   |
| Exclude the detection rule in all applications | Excludes all issues generated by the same detection rule across all applications.                                                                                                                     | Organization level (global)                       | Broadest rule-based impact. Removes all related issues for this rule across the entire organization.                                    |
| Exclude this secret in all applications        | Excludes the specific secret value wherever it appears, regardless of which detection rule produced the finding. Available for Secret findings only.                                                  | Secret value, organization level (global)         | Removes all occurrences of this specific secret across the entire organization. Other secrets detected by the same rule remain visible. |

3. In the bottom right corner, select **Exclude**.

<figure><img src="/files/53FB3qsaxqGqJZx7EfbI" alt=""><figcaption></figcaption></figure>

4. Review the exclusion scope and matching criteria.

> **Note:** In some categories, the issue name and the rule name are identical, which can make the difference between **Exclude This Issue Only** and **Exclude Detection Rule** less obvious in the UI. The exclusion scope (issue vs. rule, single app vs. all apps) is always shown in the exclusion dialog before you confirm.

5. Choose whether the exclusion is permanent or time-bound.
6. Optionally, add a comment explaining the reason for the exclusion.
7. Select **EXCLUDE ISSUE**.

The exclusion is applied immediately and will be reflected in future scans. You can review and manage all defined exclusions from the [Exclusions page](/exclusions-and-sla/scope-policy-and-sla-compliance/exclusions-new.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ox.security/exclusions-and-sla/scope-policy-and-sla-compliance/exclusions-new/defining-exclusions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.