
Suppress Findings from your GitLab Repository

Overview

Your development team can suppress code findings that Mend Code Security Checks report as false positives directly from your GitLab repository, without switching context to the Mend AppSec Platform. Developers stay in their usual workflow, and a false positive does not block a Merge Request (MR) unnecessarily.

Note: For more about suppressing findings within the Mend AppSec Platform, please refer to our Triage your Code Security Findings documentation.

Getting it done

Enabling the Suppression Feature in Your Repository

To enable or disable suppression from your GitLab repository, add the findingSuppressions parameter to the scanSettingsSAST section of your .whitesource file:

```json
{
  "scanSettingsSAST": {
    "findingSuppressions": "enabled"
  }
}
```

Available options for the findingSuppressions parameter:

  • enabled (default) - Suppressions are available through the repository and are applied immediately once selected.

  • disabled - Suppressions are not available through the repository scans.
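Because the parameter defaults to enabled when it is absent, a repository that never set it still allows developers to suppress findings from MRs. The following is an added example, not part of Mend's documentation or tooling, that reads .whitesource files and reports the effective setting so you can audit which repositories permit repository-side suppression. It assumes the file is a JSON object with the scanSettingsSAST section shown above; the function names, the audit policy argument, the sample repository contents and the decision to treat any value other than "enabled" or "disabled" as an error are this example's own assumptions.

```python
"""Audit the findingSuppressions setting across .whitesource files.

Added example; not Mend's own code. Assumes the documented layout:
a JSON object whose optional scanSettingsSAST section may carry a
findingSuppressions key of "enabled" (the default when absent) or
"disabled". Rejecting other values is this example's choice; how Mend
itself treats an unrecognised value is not stated on the page.
"""
import json

ALLOWED = {"enabled", "disabled"}
DEFAULT = "enabled"


def effective_suppression_setting(whitesource_json: str) -> str:
    """Return the effective findingSuppressions value for one .whitesource document.

    Raises ValueError on malformed JSON or on a value outside the documented
    set, so a typo such as "enable" fails loudly instead of silently being
    read as the default.
    """
    config = json.loads(whitesource_json)
    if not isinstance(config, dict):
        raise ValueError(".whitesource must be a JSON object")
    sast = config.get("scanSettingsSAST", {})
    if not isinstance(sast, dict):
        raise ValueError("scanSettingsSAST must be a JSON object")
    value = sast.get("findingSuppressions", DEFAULT)
    if value not in ALLOWED:
        raise ValueError(
            f"findingSuppressions must be one of {sorted(ALLOWED)}, got {value!r}"
        )
    return value


def audit(repos: dict, require: str) -> list:
    """Return the names of repositories whose effective setting is not `require`.

    `repos` maps a repository name to the text of its .whitesource file.
    A file that cannot be parsed or holds an unknown value is reported too,
    because its effective setting cannot be established.
    """
    violations = []
    for name, text in repos.items():
        try:
            if effective_suppression_setting(text) != require:
                violations.append(name)
        except ValueError:
            violations.append(name)
    return sorted(violations)


# Constructed sample .whitesource contents; these are not real repositories.
SAMPLE_REPOS = {
    "payments-api": '{"scanSettingsSAST": {"findingSuppressions": "disabled"}}',
    "marketing-site": '{"scanSettingsSAST": {"findingSuppressions": "enabled"}}',
    "internal-tool": '{"scanSettings": {}}',  # key absent, so the default applies
    "legacy-service": '{"scanSettingsSAST": {"findingSuppressions": "enable"}}',  # typo
}

if __name__ == "__main__":
    for name, text in SAMPLE_REPOS.items():
        try:
            print(f"{name}: {effective_suppression_setting(text)}")
        except ValueError as exc:
            print(f"{name}: invalid ({exc})")
    print("repositories that still allow repo-side suppression:",
          audit(SAMPLE_REPOS, "disabled"))
```

Run it against the .whitesource files you have checked out, or wire `audit` into a CI job that fails when a repository you want to keep under platform-only triage drifts back to the default. The "internal-tool" case is the one worth noticing: the key is simply missing, yet the effective setting is enabled.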

Scope: The main use case for repository-side suppressions is Merge Requests, because that is where a false positive blocks a developer.

In addition, suppressions are also supported from the Code Security Report Issue and from GitLab issues created for individual findings.

Suppress Findings From a Check Run

When a GitLab check run identifies a code security issue, Mend adds an inline comment to the MR at the line of new code where the finding was identified:


To suppress a finding, expand the finding's section in the comment. It contains two checkboxes, each representing a possible reason for the suppression:


Once a reason is selected, the finding is immediately suppressed in the Mend AppSec Platform and the inline comment disappears from the MR:


Suppression Visibility after Merging an MR

After the Merge Request is merged and the base branch is scanned, every suppressed finding appears in the Mend AppSec Platform with a suppressed status. The suppression details, namely the reason selected and the GitLab username of the developer who performed the suppression, are displayed for audit and tracking purposes:
