rules in ignore-rules.conf file not taken into consideration


Salam Elias

Nov 7, 2025, 12:42:42 PM
to ZAP User Group
I created a file where I added the following 2 lines

10035 IGNORE Strict-Transport-Security Header - Passive/release
10051 IGNORE Relative Path Confusion - Active/beta

After running the scan, at the end I see

SKIP: Relative Path Confusion [10051]
IGNORE-NEW: Strict-Transport-Security Header Not Set [10035] x 4
        https://www.mysite.fr/ (301 Moved Permanently)
        https://www. mysite .fr (301 Moved Permanently)
        https://www. mysite .fr/robots.txt (301 Moved Permanently)
        https://www. mysite .fr/sitemap.xml (301 Moved Permanently)
FAIL-NEW: 0     FAIL-INPROG: 0  WARN-NEW: 0     WARN-INPROG: 0  INFO: 0 IGNORE: 1       PASS: 137

Why is one SKIP and the 2nd IGNORE-NEW?
In fact I thought that using an ignore rule would not display anything about those 2 items in the output. Am I mistaken?

Simon Bennetts

Nov 10, 2025, 11:07:08 AM
to ZAP User Group
Hiya,

If you "IGNORE" an active scan rule then it will not be run - hence the "SKIP" line.
If you "IGNORE" a passive scan rule then it will still be run but the results will be ignored, hence the "IGNORE" line.
So one's an active rule and one's a passive rule.
We could not stop ignored passive scan rules from being run .. but I don't think that feature was available when the packaged scans were written.

So your configuration file is being used as expected.

Cheers,

Simon

Salam Elias

3:41 AM
to ZAP User Group
Hi, thanks for the explanation. I thought using ignore would not write anything in the output about ignored items; that was my initial understanding.
I use ZAP inside a CI/CD Azure DevOps pipeline and would like those ignored items not to show in the test report, in order not to make project managers panic.

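Added example, not part of the thread or of ZAP itself: a post-processing filter for console output of the kind quoted in the first post, which drops the SKIP and IGNORE blocks (including their indented URL lines) before the text is published in a CI report. The line layout is assumed from that quoted output; `filter_report` and the sample text are constructed for illustration.

```python
import re

# Header of one result block, e.g.
# "IGNORE-NEW: Strict-Transport-Security Header Not Set [10035] x 4"
# The summary line ("FAIL-NEW: 0  FAIL-INPROG: 0 ...") has no "[id]" and does not match.
RESULT = re.compile(
    r"^(?P<status>[A-Z]+(?:-[A-Z]+)?): .+ \[(?P<id>\d+)\](?: x \d+)?\s*$"
)
HIDDEN_ACTIONS = {"SKIP", "IGNORE"}  # matched on the part before any "-NEW" suffix


def filter_report(text, hidden=HIDDEN_ACTIONS):
    """Return (kept_text, dropped); dropped lists (status, rule_id) of removed blocks."""
    kept, dropped = [], []
    skipping = False
    for line in text.splitlines():
        m = RESULT.match(line)
        if m:
            # A new block starts: decide whether the whole block is hidden.
            skipping = m["status"].split("-")[0] in hidden
            if skipping:
                dropped.append((m["status"], int(m["id"])))
        elif not line[:1].isspace():
            # Unindented non-result text (e.g. the summary) ends any hidden block.
            skipping = False
        if not skipping:
            kept.append(line)
    return "\n".join(kept), dropped


# Constructed sample modelled on the output in the first post (hostnames are placeholders).
SAMPLE = (
    "PASS: Cookie No HttpOnly Flag [10010]\n"
    "SKIP: Relative Path Confusion [10051]\n"
    "IGNORE-NEW: Strict-Transport-Security Header Not Set [10035] x 2\n"
    "\thttps://example.test/robots.txt (301 Moved Permanently)\n"
    "\thttps://example.test/sitemap.xml (301 Moved Permanently)\n"
    "WARN-NEW: X-Content-Type-Options Header Missing [10021] x 1\n"
    "\thttps://example.test/ (200 OK)\n"
    "FAIL-NEW: 0\tFAIL-INPROG: 0\tWARN-NEW: 1\tWARN-INPROG: 0\tINFO: 0\tIGNORE: 1\tPASS: 1\n"
)

if __name__ == "__main__":
    report, removed = filter_report(SAMPLE)
    print(report)
    print("removed from report:", removed)
```

The summary line is kept unchanged, so its `IGNORE:` count still records that results were suppressed; the returned `dropped` list can be archived separately for audit.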