search

How to set a vulnerability exclusion

Exclusions allow you to acknowledge and temporarily ignore specific policy violations so they do not negatively impact your security score. While this is a powerful feature for managing false positives or accepted risks, it is recommended to handle exclusions with care.

In the IaC scanner, you can manage these exclusions directly from the interactive report UI.

hashtag
Set an exclusion

In the security assessment section find the desired vulnerability, open the Actions tab and click one of the options:

You can also exclude multiple policies at once by:

  • Selecting the from the Violated polices section

  • Or by excluding all the policies affecting a specific resource from the Resources Assessment section

hashtag
Remove an exclusion

If a previously excluded vulnerability now needs to be restored, you can remove the exclusion to bring the issue back into your active report. There are two ways to do this within the interface:

Removing via the Mitigation tab

When an issue is currently mitigated (excluded), you can remove this status directly from the issue details view:

  1. Locate the excluded resource in your scan results.

  2. Ensure the Mitigation tab is selected.

  3. You will see the reason provided for the original exclusion. Click the Remove button located on the right side of this panel.

Once clicked, the mitigation is cleared, and the policy will return to the "Violated policies" list.

Removing via the Exclusions list

You can also manage exclusions from the summary sidebar on the right side of the screen:

  1. In the Exclusions section at the bottom of the sidebar, find the specific policy you wish to re-enable.

  2. Select the checkbox next to the policy name.

  3. A Remove button will appear in the section header. Click this button to batch-remove the selected exclusions.

Removing an exclusion will immediately update the report status, and the security violation will once again contribute to your project's overall risk score until the Terraform configuration is updated to comply with the policy.

Removing resource exclusions

If an entire resource and all its associated policy violations have been excluded, you can restore them from the resource-level view:

  • Navigate to the excluded resource in the report.

  • Click the Remove button at the right of the resource entry to reactivate all policy checks for that specific resource.

PreviousPolicy management pageNextUsing the ignore file

Last updated