diff --git a/flask_webgoat/users.py b/flask_webgoat/users.py
index cc9aa4ff..d6489c52 100644
--- a/flask_webgoat/users.py
+++ b/flask_webgoat/users.py
@@ -34,6 +34,7 @@ def create_user():
             402,
         )
 
+    # nosemgrep: python.lang.security.audit.formatted-sql-query.formatted-sql-query
     query = "INSERT INTO user (username, password, access_level) VALUES (?, ?, ?)"
 
     try: