scans

pranavcodeant · pranavcodeant · commit 48ac7b4eb294 · 2026-05-04T18:45:59.000+05:30
diff --git a/src/commands/scans/index.js b/src/commands/scans/index.js
@@ -71,7 +71,8 @@ export default function registerScansCommands(program, { runCmd }) {
     .option('--severity <list>', 'Filter by severity (e.g. critical,high)')
     .option('--path <glob>', 'Filter by file path glob')
     .option('--check <regex>', 'Filter by check ID or name (regex)')
-    .option('--include-dismissed', 'Include dismissed findings (excluded by default)')
+    .option('--filter-dismissed', 'Exclude dismissed findings (default: false)')
+    .option('--no-false-positives', 'Exclude false positives (default: included)')
     .option('--format <fmt>', 'Output format: json|sarif|csv|md|table (default: json)', 'json')
     .option('--output <path>', 'Write output to file instead of stdout')
     .option('--fields <list>', 'Project findings to subset of fields (comma-separated)')
@@ -96,7 +97,8 @@ export default function registerScansCommands(program, { runCmd }) {
           severity: opts.severity,
           path: opts.path,
           check: opts.check,
-          includeDismissed: opts.includeDismissed || false,
+          filterDismissed: opts.filterDismissed || false,
+          includeFalsePositives: opts.falsePositives ?? true,
           format: opts.format,
           output: opts.output,
           fields: opts.fields,
diff --git a/src/commands/scans/lib/filters.js b/src/commands/scans/lib/filters.js
@@ -1,29 +1,22 @@
 import { minimatch } from 'minimatch';
-import { isDismissed, findDismissMatch } from './dismissMatch.js';
 import { normalizeSeverity } from './normalize.js';
 
-const SEV_RANK = { critical: 5, high: 4, medium: 3, low: 2, info: 1, unknown: 0 };
-
 /**
- * Apply all filters to findings in-place (returns new array).
+ * Apply client-side filters to findings (returns new array).
+ * Dismissed / false-positive filtering is handled exclusively by the backend.
  *
  * @param {Array} findings - NormalizedFinding[]
  * @param {object} opts
- * @param {string[]|null} opts.severity  - allowed severity levels (e.g. ['critical','high'])
- * @param {string|null}   opts.pathGlob  - minimatch glob for file_path
+ * @param {string[]|null} opts.severity   - allowed severity levels (e.g. ['critical','high'])
+ * @param {string|null}   opts.pathGlob   - minimatch glob for file_path
  * @param {string|null}   opts.checkRegex - regex applied to check_id + check_name
- * @param {Array}         opts.dismissedAlerts - from fetchDismissedAlerts()
- * @param {boolean}       opts.includeDismissed
- * @returns {Array} filtered NormalizedFinding[] (dismissed field annotated)
+ * @returns {Array} filtered NormalizedFinding[]
  */
 export function applyFilters(findings, {
   severity = null,
   pathGlob = null,
   checkRegex = null,
-  dismissedAlerts = [],
-  includeDismissed = false,
 } = {}) {
-  // Pre-compile regex — strip Python/PCRE inline flag (?i) and fold into JS flag
   let checkRe = null;
   if (checkRegex) {
     try {
@@ -37,35 +30,15 @@ export function applyFilters(findings, {
     }
   }
 
-  // Severity set
   const sevSet = severity && severity.length > 0
     ? new Set(severity.map((s) => normalizeSeverity(s)))
     : null;
 
   const result = [];
   for (const f of findings) {
-    // Annotate dismiss status
-    const match = findDismissMatch(f, dismissedAlerts);
-    f.dismissed = match !== null;
-    if (match) {
-      f.dismiss_info = {
-        reason: match.reason_for_dismiss || null,
-        comment: match.comment_for_dismiss || null,
-      };
-    }
-
-    // Filter dismissed
-    if (f.dismissed && !includeDismissed) continue;
-
-    // Filter by severity
     if (sevSet && !sevSet.has(f.severity)) continue;
-
-    // Filter by path glob
     if (pathGlob && !minimatch(f.file_path, pathGlob, { matchBase: true })) continue;
-
-    // Filter by check regex
     if (checkRe && !checkRe.test(f.check_id) && !checkRe.test(f.check_name)) continue;
-
     result.push(f);
   }
   return result;
diff --git a/src/commands/scans/lib/normalize.js b/src/commands/scans/lib/normalize.js
@@ -106,8 +106,6 @@ export function normalizeIssue(issue, category) {
     cve: cve ? String(cve) : null,
     package: packageInfo,
     metadata,
-    dismissed: false,
-    dismiss_info: null,
   };
 }
 
diff --git a/src/commands/scans/results.js b/src/commands/scans/results.js
@@ -7,7 +7,6 @@ import { paginate } from './lib/paginate.js';
 import { emit } from './lib/emit.js';
 import { progress, logError } from './lib/log.js';
 import { FORMATTERS } from './formatters/index.js';
-import { fetchDismissedAlerts } from '../../scans/fetchDismissedAlerts.js';
 
 /**
  * codeant scans results — full orchestration.
@@ -23,7 +22,8 @@ export async function runResults(opts = {}) {
     severity,
     path: pathGlob,
     check: checkRegex,
-    includeDismissed = false,
+    filterDismissed = false,
+    includeFalsePositives = true,
     format = 'json',
     output: outputPath = null,
     fields = null,
@@ -53,16 +53,12 @@ export async function runResults(opts = {}) {
   // 2. Parse types
   const categories = parseTypes(types);
 
-  // 3. Fetch in parallel + dismissed alerts
+  // 3. Fetch in parallel
   progress(`fetching ${categories.map((c) => c.key).join(', ')}…`);
-  const [settled, dismissedResult] = await Promise.all([
-    Promise.allSettled(categories.map((c) => c.fetcher(repo, scanMeta.commit_id))),
-    includeDismissed
-      ? Promise.resolve({ success: true, dismissedAlerts: [] })
-      : fetchDismissedAlerts(repo, 'security'),
-  ]);
-
-  const dismissedAlerts = dismissedResult.success ? (dismissedResult.dismissedAlerts ?? []) : [];
+  const fetchOpts = { filterDismissed, includeFalsePositives };
+  const settled = await Promise.allSettled(
+    categories.map((c) => c.fetcher(repo, scanMeta.commit_id, fetchOpts))
+  );
 
   // 4. Collect findings + errors
   const allFindings = [];
@@ -100,8 +96,6 @@ export async function runResults(opts = {}) {
     severity: severityList,
     pathGlob: pathGlob || null,
     checkRegex: checkRegex || null,
-    dismissedAlerts,
-    includeDismissed,
   });
 
   // 6. Sort
@@ -115,7 +109,8 @@ export async function runResults(opts = {}) {
     severity: severityList,
     path: pathGlob || null,
     check: checkRegex || null,
-    include_dismissed: includeDismissed,
+    filter_dismissed: filterDismissed,
+    include_false_positives: includeFalsePositives,
   };
 
   // Rebuild summary from all filtered (pre-page) findings
diff --git a/src/scans/fetchAdvancedScanResults.js b/src/scans/fetchAdvancedScanResults.js
@@ -314,17 +314,17 @@ export async function fetchAdvancedScanResults(repo, commitId, resultType, opts
   }
 }
 
-export const fetchScaResults = (repo, commitId) =>
-  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.SCA);
+export const fetchScaResults = (repo, commitId, opts) =>
+  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.SCA, opts);
 
-export const fetchSbomResults = (repo, commitId) =>
-  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.SBOM);
+export const fetchSbomResults = (repo, commitId, opts) =>
+  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.SBOM, opts);
 
-export const fetchSecretsResults = (repo, commitId) =>
-  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.SECRETS);
+export const fetchSecretsResults = (repo, commitId, opts) =>
+  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.SECRETS, opts);
 
-export const fetchIacResults = (repo, commitId) =>
-  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.IAC);
+export const fetchIacResults = (repo, commitId, opts) =>
+  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.IAC, opts);
 
-export const fetchDeadCodeResults = (repo, commitId) =>
-  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.DEAD_CODE);
+export const fetchDeadCodeResults = (repo, commitId, opts) =>
+  fetchAdvancedScanResults(repo, commitId, ADVANCED_RESULT_TYPES.DEAD_CODE, opts);
diff --git a/src/scans/fetchScanResults.js b/src/scans/fetchScanResults.js
@@ -107,14 +107,14 @@ export async function fetchScanResults(repo, commitId, resultType, opts = {}) {
   }
 }
 
-export const fetchSastResults = (repo, commitId) =>
-  fetchScanResults(repo, commitId, VALID_RESULT_TYPES.SECURITY_ISSUES);
+export const fetchSastResults = (repo, commitId, opts) =>
+  fetchScanResults(repo, commitId, VALID_RESULT_TYPES.SECURITY_ISSUES, opts);
 
-export const fetchAntiPatternsResults = (repo, commitId) =>
-  fetchScanResults(repo, commitId, VALID_RESULT_TYPES.ANTI_PATTERNS);
+export const fetchAntiPatternsResults = (repo, commitId, opts) =>
+  fetchScanResults(repo, commitId, VALID_RESULT_TYPES.ANTI_PATTERNS, opts);
 
-export const fetchDocstringResults = (repo, commitId) =>
-  fetchScanResults(repo, commitId, VALID_RESULT_TYPES.DOCSTRING);
+export const fetchDocstringResults = (repo, commitId, opts) =>
+  fetchScanResults(repo, commitId, VALID_RESULT_TYPES.DOCSTRING, opts);
 
-export const fetchComplexFunctionsResults = (repo, commitId) =>
-  fetchScanResults(repo, commitId, VALID_RESULT_TYPES.COMPLEX_FUNCTIONS);
+export const fetchComplexFunctionsResults = (repo, commitId, opts) =>
+  fetchScanResults(repo, commitId, VALID_RESULT_TYPES.COMPLEX_FUNCTIONS, opts);
diff --git a/src/utils/fetchApi.js b/src/utils/fetchApi.js
@@ -22,7 +22,6 @@ const fetchApi = async (endpoint, method = 'GET', body = null) => {
   }
 
   try {
-    console.error(`API Request: ${url} ${method} ${JSON.stringify(body)}`);
     const response = await fetch(url, options);
 
     if (response.status === 403) {

Original file line number	Diff line number	Diff line change
`@@ -106,8 +106,6 @@ export function normalizeIssue(issue, category) {`
`106`	`106`	`cve: cve ? String(cve) : null,`
`107`	`107`	`package: packageInfo,`
`108`	`108`	`metadata,`
`109`		`- dismissed: false,`
`110`		`- dismiss_info: null,`
`111`	`109`	`};`
`112`	`110`	`}`
`113`	`111`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,6 @@ const fetchApi = async (endpoint, method = 'GET', body = null) => {`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`try {`
`25`		- console.error(`API Request: ${url} ${method} ${JSON.stringify(body)}`);
`26`	`25`	`const response = await fetch(url, options);`
`27`	`26`
`28`	`27`	`if (response.status === 403) {`