Question
There are some warnings that we don't want to fix. How to suppress or exclude them from being generated in future reports, in local and Jenkins CI?
Like in PMD or FindBugs, for some warnings we can use annotations.
For example: Logging error messages in catch blocks. This is important for us to know about the operation. Checked this but it does not meet our need.
Answer 1:
From the SCA User Guide:
You can create a file to filter out particular vulnerability instances, rules, and vulnerability categories when you run the sourceanalyzer command. You specify the file with the -filter analysis option.
Source: https://stackoverflow.com/questions/44798596/how-to-exclude-warnings-in-fortify