Create OWASP top 10 only rules policy
Create an OWASP Top 10 policy to restrict the analysis of your source code to findings that map to the OWASP Top 10. When you save the policy file to the root of the repository or directory you want to scan, it disables every rule except the rules specifically linked to the OWASP Top 10 list.
Best practice: Use this policy on new Scan projects only. If you apply it to an existing project, the findings produced by the rules that are now disabled stop being reported, so Contrast Scan might mark them as Remediated even though the underlying code has not changed. The result can be a significant, misleading drop in open vulnerabilities.
View scan details describes how to see which files and rules are excluded for a specific scan.
Steps
1. Create a text file named contrastsec.checks.config and place it at the root of the project you are going to scan.
2. Copy the code in OWASP 10 rules only and add it to the file.
3. Run the scan.
See also
Create custom Scan rule exclusions shows an example of how to significantly change the set of rules a scan uses. Narrowing the rule set lowers the noise and the potential for false positives that come with the larger rules base.