Skip to content

[K9VULN-15241] Update docs on suppressed violations #36973

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gillarramendi merged 6 commits into from
May 25, 2026
+9 −3
Merged

[K9VULN-15241] Update docs on suppressed violations #36973

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
f35f92c
Update docs on suppressed violations
gillarramendi May 25, 2026
8de5118
Update content/en/security/code_security/static_analysis/configuratio…
gillarramendi May 25, 2026
6e1cce6
Update content/en/security/code_security/static_analysis/configuratio…
gillarramendi May 25, 2026
7e19f00
Update content/en/security/code_security/static_analysis/configuratio…
gillarramendi May 25, 2026
2ae2456
Update content/en/security/code_security/static_analysis/configuratio…
gillarramendi May 25, 2026
6118a2b
Update content/en/security/code_security/static_analysis/configuratio…
gillarramendi May 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 9 additions & 3 deletions content/en/security/code_security/static_analysis/configuration/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,26 +253,32 @@ sast:

#### Ignore for a specific instance

To ignore a specific instance of a violation, comment `no-dd-sa` above the line of code to ignore. This prevents that line from ever producing a violation. For example, in the following Python code snippet, the line `foo = 1` would be ignored by Static Code Analysis scans.
To ignore a specific instance of a violation, comment `no-dd-sa` above the line of code. Violations suppressed with `no-dd-sa` are shown as **suppressed**, rather than omitted entirely, so you can search and audit them.

On the [Repositories page][1], suppressed violations appear with `is_suppressed: true`. In the [Vulnerabilities explorer][2], they appear with `status: muted` and `workflow.mute.reason: muted_in_code`.

For example, in the following Python code snippet, the line `foo = 1` would be suppressed in Static Code Analysis scans.

```python
#no-dd-sa
foo = 1
bar = 2
```

You can also use `no-dd-sa` to only ignore a particular rule rather than ignoring all rules. To do so, specify the name of the rule you wish to ignore in place of `<rule-name>` using this template:
You can also use `no-dd-sa` to only suppress a particular rule, rather than suppressing all rules. To do so, specify the name of the rule you wish to suppress in place of `<rule-name>` using this template:

`no-dd-sa:<rule-name>`

For example, in the following JavaScript code snippet, the line `my_foo = 1` is analyzed by all rules except for the `javascript-code-style/assignment-name` rule.
For example, in the following JavaScript code snippet, the line `my_foo = 1` is suppressed only for the `javascript-code-style/assignment-name` rule, but all other rules still analyze it.

```javascript
// no-dd-sa:javascript-code-style/assignment-name
my_foo = 1
myBar = 2
```

[1]: https://app.datadoghq.com/security/code-security/repositories
[2]: https://app.datadoghq.com/security/code-security/sca
[6]: /security/code_security/static_analysis/static_analysis_rules
[25]: https://github.com/DataDog/datadog-static-analyzer/blob/main/doc/legacy_config.md
[26]: /security/code_security/guides/configuration/
Loading