Document skip configuration for acknowledging findings #364
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Copilot
AI
changed the title
[WIP] Add functionality to acknowledge findings in Poutine
docs: Document skip configuration for acknowledging findings in README
Oct 24, 2025
Contributor
|
Closes #364 |
fproulx-boostsecurity
approved these changes
Oct 24, 2025
fproulx-boostsecurity
changed the title
fproulx-boostsecurity
force-pushed
the
copilot/acknowledge-findings-feature
branch
from
2a39585 to
bc61c36
Compare
Talgarr
reviewed
Oct 24, 2025
Collaborator
Talgarr
left a comment
Talgarr
left a comment
There was a problem hiding this comment.
It can also be added using the flag: --skip
Add "Acknowledging Findings" section to README.md to improve discoverability of the existing skip configuration feature. This allows users to suppress false positives or accepted risks. Includes: - Use case explanations for when to skip findings - Complete documentation of all filter options (job, level, path, rule, purl, osv_id) - Practical examples showing how to skip by severity level, workflow path, and rule name Fixes #40 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Add documentation for the --skip command-line flag in both the Configuration Options section and the Acknowledging Findings section. Clarify that the command-line flag only supports skipping rules globally by name, while the configuration file supports granular filtering by job, path, level, etc. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
fproulx-boostsecurity
force-pushed
the
copilot/acknowledge-findings-feature
branch
from
bc61c36 to
770dd9e
Compare
SUSTAPLE117
approved these changes
Oct 27, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Improves discoverability of the existing
skipconfiguration feature by adding comprehensive documentation to README.md. This addresses #40 where users wanted a way to acknowledge findings that are not relevant in their context.Background
Users need to suppress findings that are false positives or accepted risks (e.g.,
pr_runs_on_self_hostedwhen runners are hardened). This functionality already exists via theskipoption in.poutine.ymlbut was only documented in.poutine.sample.yml, making it hard to discover.Changes
Added "Acknowledging Findings" section to README.md with:
Use cases: When and why to skip findings (false positives, mitigated risks, etc.)
Filter options: Complete documentation of all available filters:
job: Filter by job namelevel: Filter by severity (note, warning, error)path: Filter by workflow file pathrule: Filter by rule namepurl: Filter by package URLosv_id: Filter by OSV IDExamples:
Fixes #40
🤖 Generated with Claude Code