Caspianignore
Caspian-Explorer edited this page Feb 7, 2026 · 1 revision
When you click Ignore on an issue, the decision is persisted to a .caspianignore file in the workspace root. This file can be committed to version control so your entire team shares the same ignore list.
```
# Caspian Security Ignore File
# Format: RULE_CODE file/path.ts:line # optional reason
XSS001 src/app.ts:42 # False positive, sanitized upstream
CRED001 src/config.ts # Test credentials only
DB001 src/legacy/query.ts:107 # Parameterized at runtime via ORM
```
| Component | Required | Description |
|---|---|---|
| `RULE_CODE` | Yes | The rule code to ignore (e.g., XSS001, CRED001) |
| `file/path.ts` | Yes | Relative file path from workspace root |
| `:line` | No | Optional 1-based line number |
| `# reason` | No | Optional comment explaining why the issue is ignored |

- Lines starting with `#` are comments
- Blank lines are skipped
- Paths use forward slashes (`/`)

- Click Ignore on any issue in the results table
- An input box appears: "Reason for ignoring (optional)"
- Enter a reason or press Enter to skip
- The entry is appended to `.caspianignore`

- Hover over a diagnostic squiggle
- Click Quick Fix (`Ctrl+.`)
- Select "Ignore Issue"

When the scanner runs, each detected issue is checked against the ignore list:
- Rule code must match -- `XSS001` only ignores `XSS001`, not `XSS002`
- File path must match -- relative path from workspace root
- Line number (if specified) must match -- if the ignore entry includes `:42`, only line 42 is ignored
- No line = entire file -- if no line number is specified, all instances of that rule in that file are ignored

| Ignore Entry | What It Matches |
|---|---|
| `XSS001 src/app.ts:42` | Only XSS001 on line 42 of src/app.ts |
| `CRED001 src/config.ts` | All CRED001 issues anywhere in src/config.ts |
| `DB001 src/legacy/query.ts:107` | Only DB001 on line 107 of src/legacy/query.ts |

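
A small parser and matcher for the format and matching rules above, written as an added example and not taken from Caspian Security's own code. The regular expression, the function names, and the choice to report malformed lines instead of dropping them are assumptions.

```javascript
// Added example. Assumed grammar: whitespace separates fields, the path has
// no '#', and the first '#' after the path starts the reason.
const ENTRY = /^(\S+)\s+([^#]+?)(?::(\d+))?\s*(?:#\s*(.*))?$/;

// Constructed sample: the page's three entries plus one malformed line.
const SAMPLE = [
  '# Caspian Security Ignore File',
  '',
  'XSS001 src/app.ts:42 # False positive, sanitized upstream',
  'CRED001 src/config.ts # Test credentials only',
  'DB001 src/legacy/query.ts:107 # Parameterized at runtime via ORM',
  'XSS002',
].join('\n');

function parseIgnoreFile(text) {
  const entries = [];
  const errors = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) return; // blank line or comment
    const m = ENTRY.exec(line);
    if (!m) { errors.push({ lineNo: i + 1, raw }); return; } // surface, never guess
    entries.push({
      rule: m[1],
      file: m[2].trim(),
      line: m[3] ? Number(m[3]) : null, // null = whole file
      reason: (m[4] || '').trim(),
    });
  });
  return { entries, errors };
}

// An issue is suppressed only if rule and path match exactly and the entry
// either has no line number or names the issue's line.
function isIgnored(issue, entries) {
  return entries.some((e) => e.rule === issue.rule && e.file === issue.file &&
    (e.line === null || e.line === issue.line));
}

// Review aid: whole-file entries and entries without a reason are the
// suppressions most worth a second look in a pull request.
function entriesToReview(entries) {
  return entries.filter((e) => e.line === null || e.reason === '');
}

const { entries, errors } = parseIgnoreFile(SAMPLE);
console.log(isIgnored({ rule: 'XSS001', file: 'src/app.ts', line: 42 }, entries));
console.log(entriesToReview(entries).map((e) => e.rule), errors);
```

On the sample, `entriesToReview` returns only the `CRED001` entry, because it suppresses that rule for all of `src/config.ts`.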
Caspian Security watches the .caspianignore file for changes:
- On startup: the file is loaded and cached
- On external change: a FileSystemWatcher detects edits and reloads the ignore list automatically
- On ignore click: the new entry is appended and the cache is updated
This means you can edit .caspianignore manually (e.g., in a text editor or during a code review) and the scanner picks up changes instantly without restarting VS Code.
Since .caspianignore is a plain text file in the workspace root:
- Commit it to version control -- `git add .caspianignore`
- Review ignore entries in PRs -- treat them like code changes
- Include reasons -- helps teammates understand why an issue was suppressed
- Periodically audit -- remove entries for code that has been refactored or deleted
Do not add .caspianignore to .gitignore. The whole point is to share ignore decisions across the team.
- Confidence Scoring -- understand which issues are truly critical before ignoring
- FAQ -- troubleshooting and common questions