Skip to content

FAQ

How can I ignore a finding ?

It is possible that something Boost found is not actually a problem. In this case, you may add a noboost comment at the end of the line to tell the scanner to ignore it.

In languages like Java, Javascript, and Typescript use the following:

someLineFlaggedByBoost() // noboost

For languages like Python, Ruby, or Terraform ignore a line by the following:

someFlaggedLine() # noboost

You can also decide to ignore specific rules by supplying each rule name separated by a space.

someLineFlaggedByBoost() // noboost rule1 rule2

How can I ignore multiple files or entire directories ?

Boost supports ignoring entire files and directories by simply committing a .boostignore file to the root of the project.

The format of the file is the same as .gitignore files such as:

ignore-one-file
a/**
a/b/**/c/**

Boost recommends using the following published .boostignore file which will reduce common false positives across various languages and frameworks.

What if I want a different policy on each repository?

Note

The repository-level policy feature is still under active development.

Boost supports repository level policies by adding a sectool-config.json file to your repository. The contents of the sectool-config.json follow the exact format of the org-level policy when viewed in the code editor of the Policy page.

How do I make sure certain files are not deleted during a Diff-scan?

Boost optimizes tool runtime by scanning only modified files (where appropriate) on PR runs. In order to specify critical files that should not be ignored a .boostinclude file can be commited to the root of the project. This file tells Boost what files to always retain when preparing the working directory for a diff-scan and has the same format at the .boostignore file. An example has been provided below:

# Scripts used to run tools:
bin/**/*

# Configuration for tools:
config/**/*

How can prevent scanner failures from impacting my pipelines

Boost Scanner may optionally be configured to ignore most exceptions and return a successfull exit code in case of failure. To enable this, you may either pass the --ignore-failures command line option or set the BOOST_IGNORE_FAILURE=true environment variable.