Ignore with .aikido Files
The .aikido file (YAML-formatted) allows you to ignore certain CVEs and exclude certain paths from being scanned by Aikido. The file is read automatically whenever a scan is initiated.
Default behavior and customization
Aikido already excludes a large number of irrelevant files and directories by default in order to reduce noise as much as possible. This includes files and paths that are commonly non-actionable or not meaningful for security analysis.
The .aikido file is not required for standard usage. Instead, it is intended for organization-specific customization, allowing you to further tailor scanning behavior to your codebase, risk appetite, and internal policies. Use it when you need to ignore highly specific files, paths, or CVEs that are known to be irrelevant or intentionally accepted within your organization.
Setting up the .aikido file
Create the .aikido file within the root of your repository.

Exclude specific paths or files
The exclude key and its paths subkey let you hide specific files and directories from Aikido code scanning. Excluded paths are automatically skipped by scans for secrets, SAST issues, lockfiles and code quality.
Note: Path matching in .aikido is based on simple string inclusion.
If a configured value appears anywhere in the full file path, it will be excluded. Wildcards and regular expressions are not supported.
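Because matching is plain substring inclusion, a short value can hide far more than intended. The sketch below previews what a list of exclude values would hide before you commit them; it is an added example, not Aikido's code. The function names and sample paths are constructed, and it assumes case-sensitive matching against repository-relative paths with forward slashes.

```python
from collections import defaultdict


def preview_exclusions(exclude_values, repo_paths):
    """Map each exclude value to the paths it would hide under substring matching."""
    hidden = defaultdict(list)
    for path in repo_paths:
        for value in exclude_values:
            # Plain inclusion, as the note describes: no globbing, no anchoring.
            if value and value in path:
                hidden[value].append(path)
    return dict(hidden)


def unintended_matches(exclude_values, repo_paths, intended_prefixes):
    """Return hidden paths that lie outside the directories you meant to exclude."""
    surprises = {}
    for value, paths in preview_exclusions(exclude_values, repo_paths).items():
        extra = [p for p in paths
                 if not any(p.startswith(prefix) for prefix in intended_prefixes)]
        if extra:
            surprises[value] = extra
    return surprises


# Constructed sample of repository-relative paths (not from a real project).
SAMPLE_PATHS = [
    "test/fixtures/fake_key.pem",
    "src/auth/login.py",
    "src/contest/latest_results.py",
    "services/billing/test_helpers/db.py",
    "docs/attestation.md",
    "vendor/lib/parse.js",
]

if __name__ == "__main__":
    intended = ["test/fixtures/"]
    # Candidate values for exclude -> paths: too short, specific, and a wildcard.
    for values in (["test"], ["test/fixtures/"], ["*.pem"]):
        print(values)
        print("  hides:     ", preview_exclusions(values, SAMPLE_PATHS))
        print("  unintended:", unintended_matches(values, SAMPLE_PATHS, intended))
```

To audit a real repository, feed it the output of `git ls-files` instead of the sample list.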
Ignore CVEs
To ignore CVEs, add them to the .aikido YAML file with a reason. The Aikido UI will also show that these specific CVEs are ignored, with a reference to the .aikido file.

Ignore Alternatives
Ignore SAST via code comments
It's also possible to ignore SAST findings using comments within your code.
Other .aikido use cases
The .aikido file can also configure repository-specific AutoFix behavior.
Use this to define settings like a custom branch prefix or a single AutoFix PR for the whole repository.
See AutoFix PR Configuration for the supported autofix settings and examples.