Excluding issues with filter files

You can create a file to filter out particular vulnerability instances, rules, and vulnerability categories when you run the sourceanalyzer command. You specify the file with the -filter analysis option.

A filter file is a plain text file that you can create with any text editor. It lists only the filter items that you want excluded from the results; anything not listed is reported as usual.

Note: The filter types described in this section apply to both filter files and scan policy files (see Applying a scan policy to the analysis).

The following table lists the available filter types and provides examples for each.

Filter type: Category
  Notes: A category filter covers the category and all of its subcategories. OpenText SAST applies category filters in the initialization phase, before any analysis has taken place.
  Examples:
    Poor Error Handling
    J2EE Bad Practices: Leftover Debug Code

Filter type: Instance ID
  Notes: The instance ID of a specific issue. OpenText SAST applies instance ID filters after the analysis phase.
  Example:
    6291C6A33303ED270C269917AA8A1005

Filter type: Rule ID
  Notes: The ID of a rule that leads to the reporting of a specific issue. OpenText SAST applies rule ID filters in the initialization phase, before any analysis has taken place.
  Example:
    823FE039-A7FE-4AAD-B976-9EC53FFE4A59

Filter type: Priority (1)
  Notes: The priority values in ascending order are low, medium, high, and critical.
  Examples:
    priority <= low
    priority < medium

Filter type: Taint flags
  Notes: Enclose taint flag expressions in parentheses. Use the logical &&, ||, and ! operators to build an expression. For a list of taint flags, see the OpenText™ Static Application Security Testing Custom Rules Guide.
  Examples:
    (SYSTEMINFO || EXCEPTIONINFO)
    (WEB || (DATABASE && PRIVATE))
    (NETWORK && !XSS)

Filter type: Impact (1)
  Example:
    impact < 0.5

Filter type: Likelihood (1)
  Example:
    likelihood <= 1.5

Filter type: Confidence (1)
  Example:
    confidence < 1.8

Filter type: Probability (1)
  Example:
    probability <= 1.2

Filter type: Accuracy (1)
  Example:
    accuracy <= 1.0

(1) For the priority and metadata filters (impact, likelihood, confidence, probability, and accuracy), use only less than (<) or less than or equal to (<=). Greater-than comparisons are not supported.
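Because category and rule ID filters are applied before analysis, a malformed line silently fails to exclude anything and the mistake only shows up as unexpected issues in the results. The following linter, added here as an example and not part of the OpenText product or its documentation, classifies each line of a filter file into one of the filter types above and checks the syntax rules this section states: instance IDs are 32 hex digits, rule IDs are GUIDs, taint flag expressions are enclosed in one pair of parentheses, and priority and metadata filters use only < or <=. It assumes, since the page does not say, that the file holds one filter item per line, that blank lines are ignored, and that lines beginning with # are comments; the sample filter file embedded in it is constructed for the example.

```python
"""Lint an OpenText SAST filter file before passing it to sourceanalyzer -filter.

Added example, not the product's own tooling.  Assumptions not stated in the
documentation: one filter item per line, blank lines are ignored, and lines
beginning with '#' are comments.
"""
import re
import sys

PRIORITIES = ("low", "medium", "high", "critical")        # ascending order
METADATA = ("impact", "likelihood", "confidence", "probability", "accuracy")
ALLOWED_OPS = ("<", "<=")                                  # footnote (1) on the page

INSTANCE_ID_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
RULE_ID_RE = re.compile(
    r"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$")
COMPARISON_RE = re.compile(r"^([A-Za-z]+)\s*(<=|>=|==|<|>|=)\s*(\S+)$")
TAINT_TOKEN_RE = re.compile(r"[A-Za-z0-9_]+|&&|\|\||!|\(|\)")


def check_taint_expression(expr):
    """Return None if expr is a single parenthesised taint-flag expression, else an error string."""
    compact = "".join(expr.split())
    tokens = TAINT_TOKEN_RE.findall(compact)
    if "".join(tokens) != compact:
        return "taint flag expression contains unexpected characters"
    depth = 0
    for i, tok in enumerate(tokens):
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
            if depth < 0:
                return "unbalanced parentheses"
            if depth == 0 and i != len(tokens) - 1:
                return "taint flag expression must be enclosed in one pair of parentheses"
    if depth != 0:
        return "unbalanced parentheses"
    if not (tokens and tokens[0] == "(" and tokens[-1] == ")"):
        return "taint flag expression must be enclosed in parentheses"
    return None


def classify(line):
    """Classify one filter line.  Returns (filter_type, error); error is None when the line is valid."""
    if INSTANCE_ID_RE.match(line):
        return "instance-id", None
    if RULE_ID_RE.match(line):
        return "rule-id", None
    if line.startswith("(") or "&&" in line or "||" in line:
        return "taint-flags", check_taint_expression(line)
    m = COMPARISON_RE.match(line)
    if m:
        key, op, value = m.group(1).lower(), m.group(2), m.group(3)
        if key == "priority":
            if op not in ALLOWED_OPS:
                return key, "priority filters accept only < or <="
            if value.lower() not in PRIORITIES:
                return key, "priority must be one of low, medium, high, critical"
            return key, None
        if key in METADATA:
            if op not in ALLOWED_OPS:
                return key, f"{key} filters accept only < or <="
            try:
                float(value)
            except ValueError:
                return key, f"{key} threshold must be numeric"
            return key, None
    # Anything else is taken to be a vulnerability category name.
    return "category", None


def lint(text):
    """Lint a whole filter file.  Returns a list of (line_no, line, filter_type, error)."""
    results = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: blank and '#' lines are ignored
            continue
        ftype, err = classify(line)
        results.append((no, line, ftype, err))
    return results


# Constructed sample filter file covering every filter type on the page,
# plus two deliberately invalid lines (11 and 12) that the linter must flag.
SAMPLE_FILTER = """\
# Constructed filter file for: sourceanalyzer -b <build-id> -scan -filter filters.txt -f results.fpr
Poor Error Handling
J2EE Bad Practices: Leftover Debug Code
6291C6A33303ED270C269917AA8A1005
823FE039-A7FE-4AAD-B976-9EC53FFE4A59
priority <= low
(WEB || (DATABASE && PRIVATE))
(NETWORK && !XSS)
impact < 0.5
likelihood <= 1.5
confidence >= 1.8
NETWORK && !XSS
"""

if __name__ == "__main__":
    results = lint(SAMPLE_FILTER)
    for no, line, ftype, err in results:
        print(f"{no:3d} {ftype:<12} {line!r}" + (f"  ERROR: {err}" if err else ""))
    sys.exit(1 if any(r[3] for r in results) else 0)
```

Run it against the real filter file before the scan (for example as a pre-scan step in CI) and fail the job on a non-zero exit; a line that the linter reports as a category when you meant a metadata filter usually means a typo in the keyword or a stray character in the operator.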

See also

Filter file example