Associate a message with a False Positive

We’ve been hearing from a lot of teams that while being able to mark a false positive is valuable, it’s difficult for developers or an application security team to look over previously marked false positives and understand the context. We’ve always told you which developer marked it as a false positive, but even the developers who marked them may not remember the logic that led them to believe that a particular vulnerability was a false positive.

To address this we now allow you to (optionally) associate a message with a false positive. The reason appears next to the false positive when you browse your listing of false positives.