sl remediation

The remediation command is used to create a config file with rules and patterns that determine which findings are suppressed when running sl analyze.

Usage

To run: sl remediation [command options]

Command Options

OptionDescription
configCreate a remediation config file
dry-runTest run your vulnerability remediation config. Does not make any changes to your findings at this time

Example

Creating your config file: run sl remediation config <filename>.yaml to create a sample config file that you can modify:

# Example analysis remediation config
methods:
# - method: org.slf4j.Logger.info:void(java.lang.String,java.lang.Object)
# tags:
# - key: category
# value: Sensitive Data Leak
# - pattern: Logger.debug
# tags:
# - key: category
# value: Sensitive Data Leak

Testing your definitions: run sl remediation dry-run --config <filename>.yaml --app <yourApplication> to preview the changes that would be made based on the rules you defined in your configuration file. This command prints to the command line the methods ShiftLeft has identified as matching the parameters you defined. No changes are made at this time.

Once you have created and tested your file using sl remediation, you will need to provide the config file using the --remediation-config flag when running sl analyze. See the tutorial for full instructions.