False-positive review

Use false-positive review to decide when a finding should stay actionable, wait for reviewer context or be excluded from fix tasks and publication gates.

Business owners, developers and reviewers

Feature availability

Product, package, provider and deployment boundaries for this page.

  • Available from: Current documentation
  • Deployment modes: cloud

Before reviewing a finding

Use this page when a report finding looks wrong, low confidence, disputed by the customer or dependent on missing business context. False-positive review keeps uncertain findings visible while preventing unsupported evidence from becoming automated fix work or public report proof.

Review the evidence first. A finding should be marked false positive only when the scanner context does not apply to the accepted page, the observed evidence is invalid, or reviewer context proves the finding should not be treated as actionable.

Review a possible false positive

Follow the path `Reports → Issue evidence → False-positive candidate → Review evidence → Mark false positive or keep actionable → Next action`.

  1. Open `/reports/{report}` and select the finding marked likely false positive, low confidence or disputed. Result: issue evidence, confidence, affected URL and fingerprint are visible before review.
  2. Compare the evidence text with screenshots, HTML snapshots, console and network context. Result: the decision is based on observed evidence instead of the title alone.
  3. Check whether the affected URL is inside the accepted scan scope. Result: out-of-scope, redirected or unsupported pages do not become fix tasks or public findings.
  4. Choose Needs review when evidence is incomplete or business context is missing. Result: the finding stays visible and waits for reviewer context.
  5. Choose Mark false positive only when evidence does not apply to the accepted page or scanner context is invalid. Result: the finding is excluded from automated fix tasks and report candidates.
  6. Keep the finding actionable when evidence matches the page and scope. Result: remediation, ticket export, monitoring or publication uses the finding with the evidence trail intact.

False-positive review outcomes

Use the outcome label to decide what the product should do next.

  • Actionable means the finding remains in report candidates and can continue to remediation, ticket export, monitoring or publication gates.
  • Needs review means evidence or business context is not enough yet; keep the finding private and visible until the reviewer decision is complete.
  • False positive means the finding is excluded from automated fix tasks and public report candidates, while the private evidence trail remains available.
  • Ignored means the customer does not want to act on the finding now; do not confuse this with false positive evidence.
  • Reopened after retest means the same or related fingerprint appeared again and should be compared through [Issue fingerprints](/docs/reports/issue-fingerprints).

Blocked or unavailable review states

Do not force a false-positive decision when the evidence is not ready.

  • Evidence incomplete means continue to [Evidence, screenshots and artifacts](/docs/reports/evidence-screenshots-and-artifacts) before suppressing or assigning the finding.
  • Missing fingerprint means compare issue identity through [Issue fingerprints](/docs/reports/issue-fingerprints) before deciding whether the finding is recurring or unrelated.
  • Low confidence without artifacts means use [Severity, categories and confidence](/docs/reports/severity-categories-and-confidence) before assigning engineering work.
  • Scope changed means confirm accepted scope before treating the finding as wrong or resolved.
  • Customer disagreement means keep the finding in Needs review until the evidence trail and business context are both documented.
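
The review steps and blocked states above can be written as one decision function. This is an added sketch, not the product's code or API: the `Finding` fields, `review` and `feeds_fix_tasks_or_publication` are hypothetical names, and treating an out-of-scope URL as a false positive is an assumption drawn from step 3.

```python
from dataclasses import dataclass
from enum import Enum

class Outcome(Enum):
    ACTIONABLE = "Actionable"
    NEEDS_REVIEW = "Needs review"
    FALSE_POSITIVE = "False positive"
    IGNORED = "Ignored"  # customer choice; never inferred from evidence

@dataclass
class Finding:  # hypothetical record of what the reviewer established
    evidence_complete: bool = True    # screenshots, HTML snapshot, console/network
    has_fingerprint: bool = True
    scope_changed: bool = False
    customer_disputes: bool = False
    context_documented: bool = False  # evidence trail and business context written down
    in_accepted_scope: bool = True
    scanner_context_valid: bool = True
    evidence_matches_page: bool = True

def review(f: Finding) -> tuple:
    """Return (Outcome, reason). Blocked states are checked before any verdict."""
    blocked = [
        (not f.evidence_complete, "evidence incomplete"),
        (not f.has_fingerprint, "missing fingerprint"),
        (f.scope_changed, "scope changed, confirm accepted scope"),
        (f.customer_disputes and not f.context_documented,
         "customer disagreement not yet documented"),
    ]
    for hit, reason in blocked:
        if hit:
            return Outcome.NEEDS_REVIEW, reason
    # Assumption: an out-of-scope URL counts as evidence that does not
    # apply to the accepted page.
    if not f.in_accepted_scope:
        return Outcome.FALSE_POSITIVE, "affected URL outside accepted scope"
    if not f.scanner_context_valid:
        return Outcome.FALSE_POSITIVE, "scanner context invalid"
    if not f.evidence_matches_page:
        return Outcome.FALSE_POSITIVE, "evidence does not apply to accepted page"
    return Outcome.ACTIONABLE, "evidence matches page and scope"

def feeds_fix_tasks_or_publication(outcome: Outcome) -> bool:
    # Only Actionable findings continue to fix tasks and publication gates.
    return outcome is Outcome.ACTIONABLE
```

Because the blocked states run first, a finding with incomplete evidence returns Needs review even when the evidence on hand appears not to match the page.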

Continue to publication gates

Continue to [Publication gates](/docs/reports/publication-gates) before sharing a report, PDF or public link that includes reviewed findings. If the finding stays actionable, continue to [Fix tasks](/docs/remediation/fix-tasks) or ticket export only after the evidence trail supports the work.
