Ignoring Issues

Suppress specific findings using inline comments or config.

Sometimes a finding is a false positive, or you have accepted the risk. CodeSentinel provides three ways to suppress issues: inline comments, a .codesentinelignore file, and the rules.exclude config option.

Inline ignore comments

Place a // codesentinel-ignore comment on the line directly before the flagged code to suppress every rule on the following line:

```javascript
// codesentinel-ignore
const query = `SELECT * FROM users WHERE id=${userId}`

// codesentinel-ignore CS1001 -- accepted risk, parameterized not possible here
const result = legacyQuery(rawInput)
```

Optionally specify a rule ID and a reason. The reason is captured in the audit log for compliance reporting.

.codesentinelignore

Create a .codesentinelignore file in your repository root using the same glob syntax as .gitignore:

```bash
# Ignore all files in the legacy directory
src/legacy/**

# Ignore a specific file
src/vendor/old-crypto.js

# Ignore test files
**/*.spec.ts
**/__mocks__/**
```

Global rule exclusions

To suppress a rule across your entire project, add its ID to rules.exclude in codesentinel.json:

```json
{
  "rules": {
    "exclude": ["CS2018", "CS3041"]
  }
}
```

Audit your suppressions

Ignored issues are visible in the CodeSentinel dashboard under Security Exceptions. Your team can review and approve each suppression during code review.
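As an added example (not part of CodeSentinel itself), the following script applies the inline-comment grammar shown above and the rules.exclude config to a source file, so a reviewer can spot blanket suppressions, suppressions without a recorded reason, and inline ignores made redundant by a global exclusion. The comment grammar `// codesentinel-ignore [RULE_ID] [-- reason]` is inferred from the examples on this page; the sample source and config are constructed.

```javascript
// Added example, not CodeSentinel's own code. Assumed comment grammar,
// inferred from the documented examples:  // codesentinel-ignore [RULE_ID] [-- reason]
const IGNORE_RE = /^\s*\/\/\s*codesentinel-ignore(?:\s+(CS\d+))?(?:\s+--\s*(.+?))?\s*$/;

// Collect every ignore comment in `source`. Each record names the line it
// suppresses (the one after the comment), the rule (null = all rules) and the reason.
function parseIgnores(source) {
  const lines = source.split('\n');
  const records = [];
  lines.forEach((line, i) => {
    const m = IGNORE_RE.exec(line);
    if (!m) return;
    records.push({
      commentLine: i + 1,
      targetLine: i + 2,
      target: (lines[i + 1] || '').trim(),
      ruleId: m[1] || null,
      reason: m[2] || null,
    });
  });
  return records;
}

// Review policy: a suppression should name the rule it silences and say why.
// A rule already listed in rules.exclude needs no inline comment, so flag those too.
function auditIgnores(source, config) {
  const excluded = new Set((config.rules && config.rules.exclude) || []);
  return parseIgnores(source).map((r) => {
    const problems = [];
    if (!r.ruleId) problems.push('blanket ignore: no rule ID, all rules suppressed');
    if (!r.reason) problems.push('no reason recorded for audit log');
    if (r.ruleId && excluded.has(r.ruleId)) problems.push(`redundant: ${r.ruleId} is already in rules.exclude`);
    return { ...r, problems };
  });
}

// Constructed sample input (not real project code) and a constructed codesentinel.json.
const SAMPLE_SOURCE = [
  '// codesentinel-ignore',
  'const query = `SELECT * FROM users WHERE id=${userId}`',
  '',
  '// codesentinel-ignore CS1001 -- accepted risk, parameterized not possible here',
  'const result = legacyQuery(rawInput)',
  '',
  '// codesentinel-ignore CS2018',
  'const token = Math.random().toString(36)',
].join('\n');
const SAMPLE_CONFIG = { rules: { exclude: ['CS2018', 'CS3041'] } };

for (const r of auditIgnores(SAMPLE_SOURCE, SAMPLE_CONFIG)) {
  console.log(`line ${r.targetLine} [${r.ruleId || 'ALL'}]: ${r.problems.length ? 'FLAG: ' + r.problems.join('; ') : 'ok'}`);
}
```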