Allowed List Management

Select Management in the navigation bar and choose “Allowed List Management” from the dropdown. The Allowed List Management feature in CloudDefense gives you control over managing rules that your team members request to suppress. This global list of requests helps ensure that unnecessary SAST rules, which aren't relevant to your specific requirements, are appropriately managed.

The Allowed List Management page displays all requests made by team members to add certain rules to the Allowed list. As an admin, you have the permission to Approve or Deny these requests using the corresponding buttons located at the top right corner of the page.

Tip: 

• Use the search bar at the top to quickly find specific rules based on their names or identifiers. 

• The left column provides a range of filters to help you refine your search:

  • Status: Filter by the status of the request (e.g., approved, denied, pending).

  • Time Raised: Find requests based on the time they were made.

  • User: Identify which team member raised the request.

  • Application: Discover which application the rule belongs to.

These filtering options make it easy to cluster and identify specific requests, helping you maintain a clear and organized allowed list.

Request

Each request provides detailed information to help you make an informed decision. You can see which team has raised the request, the status of the exception, and any notes or comments attached by the user. 

Additionally, the View More Details tab contains comprehensive information about the vulnerability, including its severity, age, and the applications it impacts. This level of detail ensures you have all the context needed to manage the allowed list effectively.

Note: The Allowed List Management feature ensures that your security scans only flag relevant vulnerabilities, helping your teams stay focused on the most critical security issues.