The Claude Code Reviewer Action supports custom false positive filtering instructions, allowing you to tailor the review to your specific environment and requirements.
By default, the review includes a comprehensive set of exclusions and criteria for filtering out low-signal findings. However, every organization has unique requirements, technology stacks, and risk tolerances. The false-positive-filtering-instructions input allows you to provide your own custom criteria.
- Create a text file containing your custom filtering instructions (e.g., .github/false-positive-filtering.txt)
- Reference it in your workflow:

```yaml
- uses: PSPDFKit-labs/nutrient-code-review@main
  with:
    false-positive-filtering-instructions: .github/false-positive-filtering.txt
```

The file should contain plain text with three main sections:
- List patterns that should be automatically excluded from findings.
- Questions to assess whether a finding represents a real, actionable issue.
- Specific guidance for common patterns in your environment.

See examples/custom-false-positive-filtering.txt for a complete example tailored to a modern cloud-native application.
If no custom file is provided, the action uses default instructions tuned to work well for most applications.
- Start with defaults: Begin with the default instructions and modify based on false positives you encounter
- Be specific: Include details about your architecture and conventions
- Document assumptions: Explain why certain patterns are excluded
- Version control: Track changes to your filtering instructions alongside your code
- Team review: Have your reviewers agree on the filtering instructions
- Technology-specific exclusions: Exclude findings that don't apply to your tech stack
- Infrastructure assumptions: Document controls at the infrastructure level
- Compliance requirements: Adjust criteria based on your compliance needs
- Development practices: Reflect your team's review standards