Skip to main content

sl remediation

The remediation command is used to create a config file with rules and patterns that determine which findings are suppressed when running sl analyze.


To run: sl remediation [command options]

Command options

configCreate a remediation config file
dry-runTest run your vulnerability remediation config. Does not make any changes to your findings at this time


Creating your config file: run sl remediation config <filename>.yaml to create a sample config file that you can modify:

# Example analysis remediation config
# - method:,java.lang.Object)
# tags:
# - key: category
# value: Sensitive Data Leak
# - pattern: Logger.debug
# tags:
# - key: category
# value: Sensitive Data Leak

Testing your definitions: run sl remediation dry-run --config <filename>.yaml --app <yourApplication> to preview the changes that would be made based on the rules you defined in your configuration file. This command prints to the command line the methods Qwiet has identified as matching the parameters you defined. No changes are made at this time.

Once you have created and tested your file using sl remediation, you will need to provide the config file using the --remediation-config flag when running sl analyze. See the tutorial for full instructions.