Learnings are rules Vidoc creates when you ignore issues. They help Vidoc avoid flagging similar false positives in future scans.
How Learnings Work
- You find a false positive issue
- Click “Ignore” and provide a reason
- Vidoc creates a learning from the context
- Future scans apply the learning automatically
- Similar false positives are filtered out
Creating Effective Learnings
When ignoring an issue, provide clear, specific reasons:
| Good Reason | Why It’s Effective |
|---|---|
| “Input is sanitized by sanitizeHtml() in middleware” | Explains the security control |
| “This is a test file, not production code” | Identifies context |
| “User input is validated against allowlist” | Describes protection mechanism |
Better reasons create more accurate learnings. Be specific about why the issue is a false positive.
Viewing Learnings
The Learnings page displays:
- Learning ID - Unique identifier
- Reason - Why the original issue was ignored
- Created - When the learning was created
- Applied Count - Number of issues this learning affects
Learning Details
Click a learning to see:
- Original issue that triggered the learning
- All issues where this learning is applied
- Full context and code snippets
Managing Learnings
Delete a Learning
If a learning is too broad or no longer valid:
- Click the learning
- Click “Delete Learning”
- Affected issues return to Open status
Deleting a learning may cause previously filtered issues to reappear in future scans.
Review Applied Issues
To see which issues a learning affects:
- Click the learning
- View the “Applied Issues” section
- Review whether the learning is correctly applied
Best Practices
- Review learnings periodically - Ensure they’re still valid
- Use specific reasons - Vague reasons create imprecise learnings
- Don’t ignore real issues - Only create learnings for genuine false positives
- Check applied count - High counts may indicate overly broad learnings