APIAikido login

Ignore via code with .aikido files

The .aikido file (YAML-formatted) allows you to ignore certain CVE's and exclude certain paths from being scanned by Aikido. The .aikido files are read automatically whenever a scan is initiated.

Setting up the .aikido file

Create the .aikido file within the root of your repository.

Project directory with folders for nuget, app packages, source, and a .aikido config file.

Exclude specific paths or files

The exclude key and paths subkey allow you to hide specific files and directories from being scanned by Aikido code scanning. This will automatically exclude scans for secrets, SAST issues and lockfiles.

Note. Each path must be a complete path from your repository's root, and wildcards are not supported.

ignore:
  cves:
    CVE-2020-8203:
      reason: We do not care about this CVE
exclude:
  paths:
    - src/useless-folder
    - src/index.js
    - package-lock.json
    - package.json

Ignore CVEs

To ignore CVE's, add them to the .aikido yaml file with a reason. The Aikido UI will also show that these specific CVEs are ignored with reference to the .aikido file.

ignore:
  cves:
    CVE-2020-8203:
      reason: We do not care about this CVE
High severity CVE in package-lock.json downgraded via .aikido file configuration.

Additional options

It's also possible to ignore SAST findings using comments within your code.

Last updated

Was this helpful?