This article shows how to use ShiftLeft's finding-modifications feature to change a vulnerability's assigned severity level after the initial code analysis.
We assume that you have a GitHub repo that you're scanning using NG SAST.
Step 1: Create the Configuration File
In the root directory, create a configuration file called ngsast.yaml that includes the following:
Step 2: Run the Action
ShiftLeft will automatically check your config file for any rules defined under finding-modifications. If that section exists, ShiftLeft will modify your findings whenever you run sl analyze as part of your Action.
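To make the mechanism concrete, here is an added Python example (not ShiftLeft's code, and not the exact ngsast.yaml schema) that models what a finding-modifications rule does: it filters findings by type and current severity, rewrites the severity, and keeps the original value so the change stays auditable. The rule keys finding-filter and finding-override, the finding field names, and the sample findings are all constructed assumptions for illustration.

```python
"""Apply severity-override rules to a list of SAST findings.

Added example: models how a finding-modifications section could rewrite
severities after analysis. The rule schema (finding-filter / finding-override)
and the finding field names are assumptions, not ShiftLeft's documented format.
"""
from copy import deepcopy

# Assumed Python rendering of an ngsast.yaml "finding-modifications" section:
# downgrade critical SQL Injection findings to moderate.
FINDING_MODIFICATIONS = [
    {
        "finding-filter": {"type": "SQL Injection", "severity": "critical"},
        "finding-override": {"severity": "moderate"},
    },
]

# Constructed sample findings, shaped like a scanner's output (not real results).
SAMPLE_FINDINGS = [
    {"id": 1, "type": "SQL Injection", "severity": "critical", "file": "app/db.py"},
    {"id": 2, "type": "SQL Injection", "severity": "critical", "file": "app/search.py"},
    {"id": 3, "type": "XSS", "severity": "critical", "file": "app/views.py"},
    {"id": 4, "type": "SQL Injection", "severity": "info", "file": "test/fixtures.py"},
]


def matches(finding, finding_filter):
    """A filter matches when every key it names equals the finding's value."""
    return all(finding.get(k) == v for k, v in finding_filter.items())


def apply_modifications(findings, modifications):
    """Return new finding dicts with overrides applied; the input list is untouched.

    Filters are evaluated against the original finding, so a later rule cannot
    match on a value an earlier rule just wrote. The first severity override
    records the pre-modification value under "original_severity".
    """
    result = []
    for finding in findings:
        updated = deepcopy(finding)
        for rule in modifications:
            if matches(finding, rule.get("finding-filter", {})):
                for key, value in rule.get("finding-override", {}).items():
                    if key == "severity" and "original_severity" not in updated:
                        updated["original_severity"] = finding["severity"]
                    updated[key] = value
        result.append(updated)
    return result


def severity_counts(findings):
    """Tally findings per severity, useful for a before/after comparison."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    modified = apply_modifications(SAMPLE_FINDINGS, FINDING_MODIFICATIONS)
    print("before:", severity_counts(SAMPLE_FINDINGS))
    print("after: ", severity_counts(modified))
    for f in modified:
        if "original_severity" in f:
            print(f"#{f['id']} {f['type']}: {f['original_severity']} -> {f['severity']}")
```

The filter deliberately includes the current severity, so a SQL Injection finding that the scanner already rated info is left alone, and the XSS finding keeps its critical rating because the type does not match.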
Testing Your Changes
Once you've implemented these changes, all identified SQL Injection vulnerabilities will automatically be marked with a severity of moderate instead of critical when your workflow runs.
Before: SQL Injection Vulnerabilities marked as critical:
After: SQL Injection Vulnerabilities marked as moderate: