
[FEATURE] Can support ignoring some detected problems

Open junwei-liu opened this issue 10 months ago • 5 comments

I hope mobsf can support ignoring some detected problems and prevent these ignored problems from appearing in the report.

junwei-liu, Apr 17 '24 08:04

👋 @junwei-liu Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

github-actions[bot], Apr 17 '24 08:04

Sorry, because I am in mainland China, I can't join https://mobsf.slack.com/unsupported-geo#/.

junwei-liu, Apr 17 '24 08:04

We do have a suppression feature for a lot of findings. What are you trying to suppress in particular?

ajinabraham, May 05 '24 00:05

@ajinabraham I am also trying to find documentation on suppressing findings within the static analysis of an APK or IPA app file. For example, known behaviors or permissions that I'd like to ignore so that it isn't part of the scorecard. I see that there's a section to list suppressed findings, but there's no control to add new ones. I've gone through the documentation and the DEFCON video and I haven't seen how to do this. Can this be better documented?

jvictors-tp, May 19 '24 15:05

@junwei-liu @jvictors-tp Suppression is currently available for MANIFEST ANALYSIS, CODE ANALYSIS for Android and IPA BINARY CODE ANALYSIS, CODE_ANALYSIS findings for iOS. There are columns at the end of the table that allow you to do so.

Some features like permissions do not contribute to a score and cannot be suppressed.

ajinabraham, May 20 '24 16:05