Noise Reduction

Premium

Security scanners generate hundreds of findings. Noise reduction helps you focus on what matters by deduplicating findings and filtering out low-priority issues.

The Problem

100+ findings per scan
80% are duplicates
Alert fatigue

How It Works

1. Fingerprinting

Every finding gets a unique, stable fingerprint based on its key attributes:

Scan Type    Fingerprint Components
SAST         rule_id + file_path + line_number
CSPM         check_id + resource_id + region
DAST         rule_id + URL + parameter
Runtime      title + resource_id + resource_type

2. Tracking States

Each finding can be in one of four states:

open → acknowledged → ignored → fixed
Acknowledged = tracked but won't alert | Ignored = false positive

Deduplication Commands

# View deduplication stats
$ codephreak dedup

   Deduplication Stats    
┏━━━━━━━━━━━━━━━┳━━━━━━━┓
┃ Status        ┃ Count ┃
┡━━━━━━━━━━━━━━━╇━━━━━━━┩
│ Open          │ 15    │
│ Acknowledged  │ 42    │
│ Ignored       │ 8     │
│ Fixed         │ 23    │
│ Total         │ 88    │
└───────────────┴───────┘

# Acknowledge a finding (won't alert, but still tracked)
$ codephreak dedup a1b2c3d4 --action acknowledge
✅ Acknowledged: a1b2c3d4

# Mark as false positive
$ codephreak dedup a1b2c3d4 --action ignore
🔇 Ignored: a1b2c3d4

# Reopen a finding
$ codephreak dedup a1b2c3d4 --action reopen
🔄 Reopened: a1b2c3d4

Noise Filter Configuration

Configure filtering rules in your codephreak.yml:

# codephreak.yml
noise_reduction:
  # Minimum severity to report
  min_severity: high    # Only critical + high
  
  # Paths to exclude
  exclude_paths:
    - node_modules/*
    - vendor/*
    - "*.test.js"
    - "*.spec.ts"
    - __tests__/*
  
  # Rules to exclude (too noisy or false positives)
  exclude_rules:
    - generic-api-key
    - hardcoded-password-default
    - insecure-random

Data Flow

Scan Results: 100 findings
↓ NoiseFilter
After filtering: 50 findings (removed low severity, test files)
↓ DeduplicationEngine
New findings: 12 (skipped acknowledged/ignored)
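
The filter-then-deduplicate flow above, keyed on the fingerprint components from "How It Works", sketched in Python as an added example; it is not codephreak's own code. The truncated SHA-256 scheme, the in-memory `db` dict, the glob matching and the sample findings are assumptions made for illustration.

```python
import hashlib
from fnmatch import fnmatchcase

# Fingerprint components per scan type, from the table on this page.
COMPONENTS = {
    "sast": ("rule_id", "file_path", "line_number"),
    "cspm": ("check_id", "resource_id", "region"),
    "dast": ("rule_id", "url", "parameter"),
    "runtime": ("title", "resource_id", "resource_type"),
}
SEVERITY = {"low": 0, "medium": 1, "high": 2, "critical": 3}

def fingerprint(f):
    """Assumed scheme: truncated SHA-256 over scan type + key attributes."""
    parts = [f["scan_type"]] + [str(f[k]) for k in COMPONENTS[f["scan_type"]]]
    # NUL separator keeps ("ab", "c") and ("a", "bc") from colliding.
    return hashlib.sha256("\x00".join(parts).encode()).hexdigest()[:8]

def noise_filter(findings, min_severity, exclude_paths, exclude_rules):
    """Drop findings below min_severity, from excluded rules, or in excluded paths."""
    return [f for f in findings
            if SEVERITY[f["severity"]] >= SEVERITY[min_severity]
            and f.get("rule_id") not in exclude_rules
            and not any(fnmatchcase(f.get("file_path", ""), p) for p in exclude_paths)]

def dedupe(findings, db):
    """Record unseen fingerprints as open; skip acknowledged/ignored ones."""
    alerts = []
    for fp in map(fingerprint, findings):
        if db.setdefault(fp, "open") not in ("acknowledged", "ignored"):
            alerts.append(fp)
    return alerts

# Constructed sample scan and filter settings (not real tool output).
SCAN = [
    {"scan_type": "sast", "severity": "high", "rule_id": "sql-injection",
     "file_path": "src/db.py", "line_number": 40},
    {"scan_type": "sast", "severity": "critical", "rule_id": "generic-api-key",
     "file_path": "src/config.py", "line_number": 3},
    {"scan_type": "sast", "severity": "high", "rule_id": "path-traversal",
     "file_path": "node_modules/pkg/index.js", "line_number": 9},
    {"scan_type": "cspm", "severity": "low", "check_id": "s3-versioning",
     "resource_id": "bucket-a", "region": "us-east-1"},
    {"scan_type": "dast", "severity": "high", "rule_id": "reflected-xss",
     "url": "https://app.example.test/search", "parameter": "q"},
]
RULES = {"min_severity": "high", "exclude_paths": ["node_modules/*"],
         "exclude_rules": ["generic-api-key"]}
```

Calling `dedupe(noise_filter(SCAN, **RULES), db)` with an empty `db` returns two fingerprints. Because the SAST fingerprint includes `line_number`, moving the flagged line from 40 to 41 produces a different fingerprint, so a finding previously marked ignored is recorded as open again under this scheme.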

Local Storage

Finding history is stored locally at:

~/.codephreak/findings_db.json

This allows deduplication to work across scans without requiring a server connection.

Benefits

Before

  • 100+ alerts every scan
  • Same finding every week
  • No way to mark false positives
  • Alert fatigue

After

  • Only new, actionable findings
  • Acknowledged findings stay quiet
  • False positives marked as ignored
  • Focus on what matters