False Positive Analysis

Overview

False Positive Analysis uses the AppSec AI Agent to help validate whether a reported vulnerability should remain actionable or be treated as a false positive.

When enabled through Policies, the capability can:

  • analyze vulnerabilities using AI;
  • update the status to False Positive or Identified;
  • record the decision and justification in the Timeline.

All AI-driven decisions remain visible and auditable.

Where to Find It

When the capability is enabled, the AI indicator appears above the filtered vulnerability list in the Vulnerabilities area.

Reviewing the Analysis

When the agent classifies a vulnerability as a false positive, the result is recorded in the vulnerability timeline together with the justification used in the analysis.

The same applies when the outcome is Identified instead of False Positive.

Requirement

To use False Positive Analysis, enable it first in Policies.
