Marking false positives Feature

Reading the configuration of cloud assets when we have access is the best way to ensure no mistakes. But what if the API gives incorrect responses.

For example if you start a DigitalOcean droplet with a certain Linux Operating System version and later upgrade to a newer version, the API will still keep sharing the original version.

This becomes a challenge in the case of get a Data Protection Assessment (DPA) compliance from Meta/Facebook.

Other times you don't want to mention all the assets and misconfigs in your findings. They simply may not be relevant to getting the DPA.

To support this use case we are planning to add support for marking certain misconfigs for selected assets as misconfigs.

It will not be enough to just say something is a misconfig, you will be able to provide evidence for it as well.

Would you use this feature? Do let us know.

Mark a misconfig against a specifc asset as a false positive