At GuardRails, we focus on security that doesn't get in your way. That also means eliminating noise such as irrelevant security issues and false alerts. We want to ensure that you, your software developers, and your security engineers don't have to waste time looking at a long list of possible issues.
GuardRails has an ever-improving false positive detection logic that benefits from everyone who marks issues as a false positive or not a false positive in the dashboard, or who simply reaches out to us about incorrect findings.
We are already exploring how machine learning can further improve this detection, so stay tuned for news on that front.
Reporting False Positives
There are three ways in which you can report false positives:
1. Via Email
Just send us an email to firstname.lastname@example.org and tell us what is wrong.
Please include the name of the repository, the finding category, the filename and line number, and, if possible, a brief description of why this is a false positive.
2. Via PR Comment
In the PR comments there is a link to a feedback form. Just answer the questions and mention the false positives in section 4.
3. Via the Dashboard
In the dashboard, you can toggle the detailed view (see step 1) and then mark issues as either a false positive or not a false positive. We will receive the feedback automatically and process it as soon as possible. In the future, this will be integrated with our machine learning models for automatic processing.