Cryptzone Support

 
If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here

 

Article

How to Remove False Positives in Compliance Sheriff

« Go Back

Information

 
Article Number000003075
Article
One of the advantages to using Compliance Sheriff is the ability to completely customize the tool to fit specific environmental or project needs. One of the first and most important tasks in doing so is to eliminate the false positives associated with scans. This approach will yield more real and manageable results, especially when using Privacy and Accessibility standard templates. This article will describe several ways to eliminate false positives within Compliance Sheriff.


Result Revision Wizard

The Result Revision Wizard is one of the easiest and quickest tools to use to edit your results prior to submitting a report to your content owners and stakeholders for review.
The first way to get to this tools directly from the Scan Summary page, by clicking on "Revise Results":


Result Revision Button



From within this wizard you may first wanbt to use the "Apply Filter" option to filter this waizrd to show only those results that you wish to edit. For example, If I would like to change my "Failures" to passes for a given scan, I will check the box for "Failures", and make sure that all other boxes are unchecked like so:

Apply Filter Rev Wiz


Next I'll Change any of these Failures to any other setting as desired, such as "Pass", and then click "Apply Filter" again. Since I'm looking at failures, all of my updated rules should no longer be visible. When done, hit either the "close" button, or the browser back button, and thats it!

All changes will be displayed within the scan summary in the bottom left corner like so:

22
And Thats It! This tool will easily allow you to edit your results, however, you are doing just that, editing the results. Any changes made with this wizard will not change the outcome of future scans. So, while its easy to get to and use, these results are being editied for that report only.




Export Results to CSV

Sometimes (especially when working with Privacy or Accessibility templates), you may have the need to edit the results of several, even dozens or hundreds of issues. While the Result Revision Wizard is easy to get to, you certainly don't want to have to accomplish this task one at a time. Fortunately, Compliance Sheriff has another method for editing results, you can export those results to a csv file and then edit those results in something like Excel!

The first way to export results is from under the "More Options" menu, found on the scans page, then by clicking "Quick Export Results":


more options


Quick Export Results will then prompt you to save the CSV file.
TIP -- Use the "SaveAs" feature and save it with a name that corresponds to the scan you are exporting. For example, I'll save mine as "CryptzoneProducts.csv".
This way you'll be able to easily identify the file when you import it back in!

Once the file is saved on your machine, you can then open the file in something like Excel. The file should look something like this:


33


From here you can change the values in column C (to something like Pass), Save, and then import the file back in using the option "Import Results" (found under the same menu as the export option). This option allows you to edit a much larger set of results in a short amount of time, but at this point you are still editing results. Future scans will not be affected by these changes.



Advanced Export

The "Advanced Export" option works the same way as the Quick Export option. You're still exporting to a CSV file, but will be presented with a menu that looks like this:

adv export


The previous three examples show a quick and easy way to edit results prior to submitting a report, which can be handy when you wish to send only real, specific results to your content owners, or when a deadline or meeting is approaching. There are of course, more permanent solutions which will directly effect your future scans, and your overall projects. Ultimately, this is the more recommended approach when working on remediation. By taking the time to edit some of the settings and rules within Compliance Sheriff, you'll end up with results that will be more meaningful, with little or no effort as you contnue to work on the project. Some of the changes involve settings within the application, and some of the changes involve working directly with the checkpoints and checkpoint griups themselves. First, let's take a look at some of the settings.



Link Check Exclude Filter

Link Validation (found within the Site Quality Module) scans can be filtered so that certain links are excluded from the validation tests. This is actually a global setting and easy to add specific link nams to. You can find this setting under the "Settings" tab, then under "System Configuration". Right in the middle of the page, under "Scanner Settings", you'll see the filter:

Link Check Exclude Filter Example


You'll most likely already see an entry here, such as "logout". Just add the names of the links you wish to exclude with a coma seperated list, and the next time you run scans you will not see these links included.




Ignore Script Links
Another way to remove specific links, in this case "javascript" links from scans, is by adding a specfic setting to your Compliance Sheriff instance. This setting, once applied, will be visible under the "Settings" tab, under "System Configuration". It we be called "Ignore Script Links" and can be toggled via a checkbox.

Implementation of this setting will require physical access to the server if self hosted (hosted within your environment), or will require you to alert us through support if you are hosted by us. The one time procedure is as follows:

1. On the Compliance Sheriff server, locate the "HiScan.Config.xml" file located within the application directory, which by default is here:
                 C:\ProgramData\Cryptzone\ComplianceSheriff\Customers\Your_Customer_Name

2. Open the file using a text editor such as notepad.

3. Add the following key
<addkey="IgnoreScriptLinks" value="true" />

*** please enter the key exactly as its shown, it is case sensitive

4. save the file


Once this setting has been implemented, you'll see the following under "System Configuration":

Ignore Script Links under System Configuration


This setting can then be toggled on and off, and will force the scan engine to ignore javascript links when On.




Decorative Image List

Compliance Sheriff must be made aware of which images to flag as "decorative" by adding the specific image names to the Decorative Image List within Compliance Sheriff. (See Below)

As a rule of thumb:
All Images are required to have an alt tag.
Decorative Images are required to have an empty alt tag (alt=””).
Non-Decorative images must have an alt tag and a real description (alt=”Yellow Taxi Cab driving down 5th Avenue in NYC”).
  1. Click the "Settings" Tab.
  2. Click "User agents, variables & key attributes".
  3. Within the "User variables" window,  scroll down to "DecorativeImageList".
  4. At the end of that row add the name of the image file, for example: /ComplanyLogo.jpg,/CompamyLogoSmall.jpg
  5. Click on Save

Decorative Image List

Next run a scan to see the updated changes:
  1. Click on Scan Tab.
  2. Click on the name of the scan to edit the settings for that scan.
  3. *** Select the check box for "Retest All Pages".
  4. Click on "Save".
  5. Click on "Run” to start the scan.



Create Custom Checkpoint Groups
Sometimes, especially when working with templates such as WCAG 2.0 A or PFI, you'll come across one specific checkpoint that occurs on every page. There are a couple of different ways to approach this as shown previously, however if you know this specific issue is a false positive (and you may want to include this rule with other scans in other projects), it may be best to create a custom checkpoint group specific to a project that you're working on. Creating a custom checkpoint group will allow you to focus on only those rules that may be important to you for that proiject. In other words, you may not necessarily need to apply an entire group such as WCAG 2.0 A. Compliance Sheriff makes it easy to create a custom group with only specific rules selected.You can apply this custom group to  project or a specific set of scans, and leave the OOTB groups alone for future use. Here's how:

1. Select the "Checkpoints" tab from the navigation menu on the left, then select the "Groups" subpage:

Checkpoint_Groups

From here click "New" to create a new Group and give it a name (undeer "Short Description"). This name will show up in your "Available Checkpoint Group" List when you next create a scan:


New Checkpoint Group Example

From here you can "cherry pick" any rules you woul like in your custom group. You can sort by the "Module" drop down menu to find more checkpoints, and when your finshed just click "Save". You can always edit this checkpoint group later on if you wish to add or remove specific checkpoints. Custom goups are an easy way to ensure you are only applying those rules that are important to you for a specific project!



Customize Checkpoints
Compliance Sheriff is a "data Gathering" tool. And while we make it easy to scan your web content with some of the OOTB web standard templates such as WCAG 2.0 A or PII, essentially you can use this tool to scan for just about anytthing, as long as it can be identified as an element, or by one of it's attributes. One of the most powerful features in Compliance Sheriff is the ability to completely customize all of the rules (checkpoints). Not only are all of the checkpoints themselves visible within Compliance Sheriff, but you can also easily customize them as well, using the built in "Hints" :

Custom Checkpoint Example


Example of simple checkpoint edit

Sometimes, editing a checkpoint may be as simple as changing the regex field. In the above photo for example, if I want to look for a specific numeric code, I can take the OOTB Social Sec checkpoint, and change the values in the fileds. Save to "custom" and Im done.

You can also edit things like the "Priority" level on the page, or the "URL for more information" , which is the "HowToFix" link in the rendered view.
Creating custom checkpoints can take a little practice, and is a topic worthy of its own article, but I will note that generally it's a "Trial and Error" proces. There are lots of great checkpoints that come out of the box, and usually eliminating a specific element from a specific rule is as easy as adding an if\else statement to the beginning of the rule. There are lots of examples of this type of code in many of the checkpoints that come OOTB.

Tip -- Always save your custom checpoints to the "Custom" module, then add the custom rule to any checkpoint group you wish to use.

To Summarize, this article described 5 different examples of how to Remove false Poitives from within Compliance Sheriff:


Result Revision Wizard   ---   edits results only
Quick Export to csv   ---   edits results only
Advanced export to csv   ---   edits results only

Link Check Exclude filter   ---   will exclude links from the link validation checks as specified by this comma seperated list
Ignore Script Links   ---   This setting, once added, will allow you to "Ignore Script Links" from Link validation scns

Decorative Image List   ---   This list tells Compliance Sheriff which images are "decorative, and so therefore will expect them to have an empty alt set (alt="")

Create custom checkpoint groups   ---   This is an easy way to select only those specific rules to apply to your content

Custom Checkpoints   ---   You can always edit the code itself from within the "Checkpoints" page. Hints are provided as drop down menus, and most checkpoints are fully visible.



 
Related File 
Additional Files 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255