False Positive Best Practice
What are the best practices from Flexera for handling false positives?
- Mark file as reviewed only
- Create unpublished inventory item called "False Positives"
- Create multiple "False Positive" unpublished inventory items
- Use the information to modify the scan profile to avoid false positives in future
We actually use all three depending on our situation. For example, if we have multiple people reviewing the same scan, the person who is responsible for following up on text and license matches to "gpl" will often create an unpublished group called "not gpl" so that if other people working on the scan are reviewing other indicators, they can see that someone has already identified that the gpl match is a false positive. If I am just working on a scan by myself, once I have reviewed all the indicators associated with a file I will mark it as reviewed.
If you find a search term is creating "too many" false positives, you can try to fine-tune the text strings that are in the scan settings based on the results you are seeing.
If the false positive is in in-house proprietary code, it might be helpful to create a group called "in-house code" to mark files that have false positive indicators, especially if you are familiar with the code and know that it was authored by your developers. It can be a quicker way to remove false positives.
Ultimately, practice seems to be the best medicine for quickly identifying false positives and quickly marking them.