sl remediation
The `remediation` command is used to create a config file with rules and patterns that determine which findings are suppressed when running `sl analyze`.
Usage
To run: `sl remediation [command options]`
Command options
Option | Description |
---|---|
config | Create a remediation config file |
dry-run | Test run your vulnerability remediation config. Does not make any changes to your findings at this time |
Example
Creating your config file: run `sl remediation config <filename>.yaml` to create a sample config file that you can modify:
```yaml
# Example analysis remediation config
methods:
#  - method: org.slf4j.Logger.info:void(java.lang.String,java.lang.Object)
#    tags:
#      - key: category
#        value: Sensitive Data Leak
#  - pattern: Logger.debug
#    tags:
#      - key: category
#        value: Sensitive Data Leak
```
Testing your definitions: run `sl remediation dry-run --config <filename>.yaml --app <yourApplication>` to preview the changes that would be made based on the rules you defined in your configuration file. This command prints to the command line the methods Qwiet has identified as matching the parameters you defined. No changes are made at this time.
Once you have created and tested your file using `sl remediation`, you will need to provide the config file using the `--remediation-config` flag when running `sl analyze`. See the tutorial for full instructions.