
GitHub Exam GitHub-Advanced-Security Topic 7 Question 8 Discussion

Actual exam question for GitHub's GitHub-Advanced-Security exam
Question #: 8
Topic #: 7

-- [Configure and Use Code Scanning]

After investigating a code scanning alert related to injection, you determine that the input is properly sanitized using custom logic. What should be your next step?

Suggested Answer: D

When you determine that a code scanning alert is a false positive, for example because your code uses a custom sanitization method that the analysis does not recognize, you should dismiss the alert with the reason 'false positive'. The dismissal is recorded against that alert, so it does not resurface as a new finding in later analyses, and the list of open alerts stays focused on real issues.

As per GitHub's documentation:

'If you dismiss a CodeQL alert as a false positive result, for example because the code uses a sanitization library that isn't supported, consider contributing to the CodeQL repository and improving the analysis.'

By dismissing the alert appropriately, you ensure that your codebase's security alerts remain actionable and relevant.


Contribute your Thoughts:

Breana
20 days ago
I believe dismissing the alert as a false positive is not the best approach in this case.
upvoted 0 times
Jacklyn
21 days ago
I would go with option A and draft a pull request to update the open-source query.
upvoted 0 times
Mitzie
26 days ago
I agree with Sol, it's important to report the findings.
upvoted 0 times
Armando
26 days ago
Ah, the joys of security theater. Dismiss that alert and get back to writing actual code, folks!
upvoted 0 times
Temeka
29 days ago
Hmm, I wonder if the CodeQL team would appreciate a sassy email about their 'helpful' alerts. Oh well, D it is!
upvoted 0 times
Melissia
30 days ago
A is an interesting idea, but updating the open-source query doesn't address the specific issue in your codebase. D is the way to go here.
upvoted 0 times
Caitlin
16 days ago
User 1: I think we should draft a pull request to update the open-source query.
upvoted 0 times
Olene
1 month ago
B seems tempting, but ignoring security alerts is never a good idea. I'd go with D and document the reasoning for the false positive.
upvoted 0 times
Kristofer
18 days ago
Yes, it's important to document false positives to improve the scanning process.
upvoted 0 times
Fausto
25 days ago
I agree, ignoring alerts can lead to security vulnerabilities.
upvoted 0 times
Trinidad
1 month ago
I think the correct answer is D. Dismissing the alert as a false positive makes the most sense since the input is already properly sanitized.
upvoted 0 times
Jennifer
16 days ago
User 2: Dismissing the alert as a false positive makes sense in this case.
upvoted 0 times
Yaeko
18 days ago
User 1: I think the correct answer is D.
upvoted 0 times
Sol
2 months ago
I think we should open an issue in the CodeQL repository.
upvoted 0 times