If you wish to hide certain findings from your view, such as ones that originate from third-party libraries or those you do not deem important, then you can apply filters or apply suppressions to remove them from view.
The difference between filters and suppressions is that suppressions are applied to individual findings and follow those findings across builds, whereas filters only narrow the results of the build you are currently viewing.
To filter on findings, first go to your build page and to the build results.
Filter bar
The filter bar allows you to add filters to the build’s findings. Once a filter is added it can also be removed by clicking on the X next to the filter.
To add a filter click on the Add filter button which will provide a drop down list of filters that can be added.
Suppressed issues
Suppressions are tied to individual findings and persist across builds. This is useful for situations when you have an issue type that is important to you, however a specific finding AppSweep found is not relevant to you. By suppressing that finding you can remove it from view for all existing and future builds of that application.
To suppress all the findings in one build for an issue, hover over the issue row and click the Suppress button.
To suppress an individual finding, click on the issue, locate the finding you wish to suppress and click the Suppress this finding icon.
To also show suppressed issues, you can set the filter to include suppressed issues. By default suppressed issues will not be shown.
Analysis type
To filter on findings found through static or interactive analysis, choose the relevant category. Static issues are produced without the need for IAST (link to IAST page), while interactive issues are found through running IAST.
Origin
To filter out findings based on whether they originated from third-party code or first-party code, untick the boxes for the findings you wish to exclude. Unselecting the Third-party box will hide all findings from identified libraries from the view.
The detail page of the issue will also clearly identify if it comes from a dependency.
Keep in mind that third-party libraries run with the same privileges and capabilities as your app, so they have full access to your files and permissions. For instance, library code might modify a global setting that is harmless in the library’s own context but creates a significant security vulnerability in your application. Issues in libraries therefore still need to be reviewed.
Severity
To filter on the severity of the finding click the severity you wish to include. Multiple severities can be selected.
Importance
To mark issues as important click on the Important button of a given issue when hovering over it. This will be tracked between builds, so if the issue reappears it will be automatically marked as important. Using this you can prioritize issues that matter to you.
To only show issues marked as important, select Marked important from the drop down.
Reachability
To filter out findings based on whether they are in reachable or unreachable code, select the relevant option from the drop down. When an application uses a library, it often uses only a small part of that library’s functionality. The rest is still compiled into the APK but never executed by the application: this is unreachable code. Compilers are often configured to remove such code, but they usually still leave some unreachable code in the APK. Vulnerabilities in unreachable code are therefore unexploitable and potentially not of interest to you.
It is important to note that, due to the nature of program analysis, we cannot guarantee that a finding is unreachable.
Filtering on package (Android only)
To filter findings based on package names, click on the package you want to include in the package structure. The darker the color of a package the more findings are contained within that package. By clicking on a package it will then display the sub-packages to allow you to filter further. To go back up a package, click on the package on the highest level of the selection widget.
Alternatively you can click on the folder icon below the packages and select or type the package you wish to filter on. This can be repeated for subpackages. To go up a package click on the Go Up text.
Excluding based on package
To exclude certain packages from findings, click on the X packages suppressed drop down underneath the package structure and add the package you wish to exclude from the findings. You can add as many packages as you wish and all findings in subpackages will be excluded from the findings view.
To remove a package from the exclusion list simply click the trashcan icon next to the package you wish to remove.
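The following is an added example, not AppSweep code, that models the behaviour described on this page for suppressions (tracked across builds), the Important mark (also tracked), transient filters (severity, origin, reachability, showing suppressed issues) and package exclusion (an excluded package hides all of its subpackages). It assumes that a finding is recognised across builds by its issue type plus its package and location, which is an assumption for the model; how AppSweep actually matches findings between builds is not stated on this page. The builds and findings are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Finding:
    issue: str          # issue type the finding belongs to
    package: str        # package of the affected code
    location: str       # class.method within that package
    severity: str       # "high" | "medium" | "low"
    third_party: bool   # True if it originates from an identified library
    reachable: bool     # True if analysis considers the code reachable

    @property
    def key(self):
        # ASSUMED identity used to recognise the same finding in a later build.
        return (self.issue, self.package, self.location)


@dataclass
class TrackedState:
    """State that persists across builds: suppressions and Important marks."""
    suppressed: set = field(default_factory=set)
    important: set = field(default_factory=set)


@dataclass
class Filters:
    """Transient filters that only affect the results currently being viewed.
    Package exclusion is modelled as a filter here (assumption)."""
    severities: Optional[set] = None       # None means all severities
    include_first_party: bool = True
    include_third_party: bool = True
    reachability: str = "any"              # "any" | "reachable" | "unreachable"
    show_suppressed: bool = False
    only_important: bool = False
    excluded_packages: set = field(default_factory=set)


def in_excluded_package(package, excluded):
    # An excluded package also hides all of its subpackages, but a sibling that
    # merely shares the prefix (com.examples vs com.example) is not affected.
    return any(package == ex or package.startswith(ex + ".") for ex in excluded)


def apply_view(findings, state, f):
    """Return the findings of one build that remain visible under the filters."""
    shown = []
    for fd in findings:
        if fd.key in state.suppressed and not f.show_suppressed:
            continue
        if f.only_important and fd.key not in state.important:
            continue
        if f.severities is not None and fd.severity not in f.severities:
            continue
        if fd.third_party and not f.include_third_party:
            continue
        if not fd.third_party and not f.include_first_party:
            continue
        if f.reachability == "reachable" and not fd.reachable:
            continue
        if f.reachability == "unreachable" and fd.reachable:
            continue
        if in_excluded_package(fd.package, f.excluded_packages):
            continue
        shown.append(fd)
    return shown


def suppress_issue(state, findings, issue):
    """The Suppress button on an issue row: suppress every finding of that issue in this build."""
    for fd in findings:
        if fd.issue == issue:
            state.suppressed.add(fd.key)


def suppress_finding(state, fd):
    """The 'Suppress this finding' icon on a single finding."""
    state.suppressed.add(fd.key)


def mark_important(state, fd):
    state.important.add(fd.key)


# Constructed sample builds of one Android app (not real scan output).
BUILD_1 = [
    Finding("Insecure TLS config", "com.example.net", "Http.connect", "high", False, True),
    Finding("Insecure TLS config", "com.example.net", "Legacy.connect", "high", False, False),
    Finding("Weak hash", "org.thirdparty.crypto", "Md5.digest", "medium", True, True),
    Finding("Logging sensitive data", "com.example.ui.login", "LoginActivity.onCreate", "low", False, True),
]
# Build 2: Legacy.connect was removed, a new first-party weak-hash finding appeared.
BUILD_2 = [BUILD_1[0], BUILD_1[2], BUILD_1[3],
           Finding("Weak hash", "com.example.util", "Hash.md5", "medium", False, False)]


def demo():
    state = TrackedState()
    counts = {"b1_default": len(apply_view(BUILD_1, state, Filters()))}
    suppress_issue(state, BUILD_1, "Insecure TLS config")   # both TLS findings
    mark_important(state, BUILD_1[3])                       # the login logging finding
    counts["b1_after_suppress"] = len(apply_view(BUILD_1, state, Filters()))
    counts["b1_show_suppressed"] = len(apply_view(BUILD_1, state, Filters(show_suppressed=True)))
    counts["b1_high_only"] = len(apply_view(BUILD_1, state, Filters(severities={"high"}, show_suppressed=True)))
    counts["b1_first_party_only"] = len(apply_view(BUILD_1, state, Filters(include_third_party=False)))
    counts["b1_exclude_pkg"] = len(apply_view(BUILD_1, state, Filters(excluded_packages={"com.example"})))
    # The suppression and the Important mark carry over to the next build without re-applying them.
    counts["b2_default"] = len(apply_view(BUILD_2, state, Filters()))
    counts["b2_important"] = len(apply_view(BUILD_2, state, Filters(only_important=True)))
    counts["b2_unreachable"] = len(apply_view(BUILD_2, state, Filters(reachability="unreachable")))
    return counts


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the distinction from the top of the page: the suppression made in build 1 still hides the surviving TLS finding in build 2 and the Important mark still selects the login finding there, while every `Filters` object only shapes the single view it is passed to. The model also keeps a prefix-only sibling such as `com.examples` visible when `com.example` is excluded.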