Excluding issues with filter files

You can create a file to filter out particular vulnerability instances, rules, and vulnerability categories when you run the sourceanalyzer command. You specify the file with the -filter analysis option.

A filter file is a plain text file that you can create with any text editor. List in it only the items that you want excluded from the results.

The filter types described in this section apply to both filter files and scan policy files (see Applying a Scan Policy to the Analysis).

The following table lists the available filter types and provides examples for each.

Filter type: Category
  Notes: A category filter covers all of its subcategories. OpenText SAST applies category filters in the initialization phase, before any analysis has taken place.
  Examples:
    Poor Error Handling
    J2EE Bad Practices: Leftover Debug Code

Filter type: Instance ID
  Notes: The instance ID of a specific issue. OpenText SAST applies instance ID filters after the analysis phase.
  Examples:
    6291C6A33303ED270C269917AA8A1005

Filter type: Rule ID
  Notes: The ID of a rule that leads to the reporting of a specific issue. OpenText SAST applies rule ID filters in the initialization phase, before any analysis has taken place.
  Examples:
    823FE039-A7FE-4AAD-B976-9EC53FFE4A59

Filter type: Priority¹
  Notes: The priority values in ascending order are low, medium, high, and critical.
  Examples:
    priority <= low
    priority < medium

Filter type: Taint flags
  Notes: Enclose taint flag expressions in parentheses. Use the logical &&, ||, and ! operators to build an expression. For a list of taint flags, see the OpenText™ Static Application Security Testing Custom Rules Guide.
  Examples:
    (SYSTEMINFO || EXCEPTIONINFO)
    (WEB || (DATABASE && PRIVATE))
    (NETWORK && !XSS)

Filter type: Impact¹
  Examples:
    impact < 0.5

Filter type: Likelihood¹
  Examples:
    likelihood <= 1.5

Filter type: Confidence¹
  Examples:
    confidence < 1.8

Filter type: Probability¹
  Examples:
    probability <= 1.2

Filter type: Accuracy¹
  Examples:
    accuracy <= 1.0

¹ For the priority and metadata filters, use less than (<) or less than or equal to (<=).
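The following Python script is an added illustration of the filter types listed above, not OpenText's sourceanalyzer code. It parses a constructed filter file made from the table's example items and decides which of a set of constructed findings would be excluded. Two things are assumptions rather than documented behaviour: each line is classified by its shape (32 hex characters as an instance ID, a GUID as a rule ID, a parenthesised expression as taint flags, a comparison as priority or metadata, anything else as a category), and "covers all subcategories" is read as a prefix match on the "Category: Subcategory" naming seen in the examples.

```python
"""Toy evaluator for the filter-file syntax described above (added example,
not OpenText's own code). Classifying lines by shape and treating a category
as a prefix of "Category: Subcategory" names are assumptions."""
import re

PRIORITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}
METADATA_KEYS = "impact|likelihood|confidence|probability|accuracy"

# Constructed filter file built from the example items in the table.
FILTER_FILE = """
Poor Error Handling
J2EE Bad Practices: Leftover Debug Code
6291C6A33303ED270C269917AA8A1005
823FE039-A7FE-4AAD-B976-9EC53FFE4A59
priority <= low
(NETWORK && !XSS)
impact < 0.5
"""


def parse_filter_file(text):
    """Turn each non-blank line into a (kind, ...) tuple."""
    filters = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("(") and line.endswith(")"):
            filters.append(("taint", line))
        elif re.fullmatch(r"[0-9A-Fa-f]{32}", line):
            filters.append(("instance", line.upper()))
        elif re.fullmatch(r"[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}", line):
            filters.append(("rule", line.upper()))
        elif m := re.fullmatch(r"priority\s*(<=|<)\s*(low|medium|high|critical)", line):
            filters.append(("priority", m.group(1), PRIORITY_ORDER[m.group(2)]))
        elif m := re.fullmatch(rf"({METADATA_KEYS})\s*(<=|<)\s*(\d+(?:\.\d+)?)", line):
            filters.append(("metadata", m.group(1), m.group(2), float(m.group(3))))
        else:
            filters.append(("category", line))  # anything else is a category name
    return filters


def eval_taint(expr, flags):
    """Recursive-descent evaluation of &&, ||, ! and parentheses; no eval()."""
    tokens = re.findall(r"\(|\)|&&|\|\||!|[A-Z][A-Z0-9_]*", expr)
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def primary():
        tok = take()
        if tok == "!":
            return not primary()
        if tok == "(":
            value = or_expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in " + expr)
            return value
        return tok in flags  # a bare flag name is true if the finding carries it

    def and_expr():
        value = primary()
        while pos < len(tokens) and tokens[pos] == "&&":
            take()
            value = primary() and value
        return value

    def or_expr():
        value = and_expr()
        while pos < len(tokens) and tokens[pos] == "||":
            take()
            value = and_expr() or value
        return value

    result = or_expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in " + expr)
    return result


def below(op, lhs, rhs):
    return lhs < rhs if op == "<" else lhs <= rhs


def is_excluded(finding, filters):
    """True if any filter item in the file matches the finding."""
    for item in filters:
        kind = item[0]
        if kind == "category":
            cat = finding["category"]
            if cat == item[1] or cat.startswith(item[1] + ": "):
                return True
        elif kind == "instance" and finding["instance_id"].upper() == item[1]:
            return True
        elif kind == "rule" and finding["rule_id"].upper() == item[1]:
            return True
        elif kind == "priority" and below(item[1], PRIORITY_ORDER[finding["priority"]], item[2]):
            return True
        elif kind == "taint" and eval_taint(item[1], finding["taint_flags"]):
            return True
        elif kind == "metadata" and item[1] in finding and below(item[2], finding[item[1]], item[3]):
            return True
    return False


def finding(iid, category, priority, flags=(), impact=3.0, rule="RULE-PLACEHOLDER"):
    return {"instance_id": iid, "rule_id": rule, "category": category,
            "priority": priority, "taint_flags": set(flags), "impact": impact}

# Constructed sample findings; the F00x IDs and RULE-PLACEHOLDER are placeholders.
FINDINGS = [
    finding("F001", "Poor Error Handling: Empty Catch Block", "high"),         # category (subcategory)
    finding("6291C6A33303ED270C269917AA8A1005", "SQL Injection", "critical"),  # instance ID
    finding("F003", "Path Manipulation", "low"),                               # priority <= low
    finding("F004", "Command Injection", "critical", {"NETWORK"}),             # (NETWORK && !XSS)
    finding("F005", "Password Management", "medium", (), 0.3),                 # impact < 0.5
    finding("F006", "Cross-Site Scripting", "critical", {"NETWORK", "XSS"}),   # nothing matches: kept
    finding("F007", "Cross-Site Scripting", "high", {"WEB", "XSS"}, 4.0,
            "823FE039-A7FE-4AAD-B976-9EC53FFE4A59"),                           # rule ID
]


def kept_instance_ids(findings=FINDINGS, filter_text=FILTER_FILE):
    filters = parse_filter_file(filter_text)
    return [f["instance_id"] for f in findings if not is_excluded(f, filters)]
```

Running `kept_instance_ids()` on the constructed data leaves only `F006`: its `(NETWORK && !XSS)` evaluation is false because the finding carries `XSS`, and none of the other items match it. The taint expression is evaluated with a small recursive-descent parser rather than `eval()`, so a filter file is never executed as code.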

See Also

Filter File Example