Skip to main content
Exclusions

Exclude one or more items from a test and provide a business rationale so the item is no longer accounted for in the test.

Updated over a week ago

Companies have the ability to exclude one or more items from a test when that test is not applicable to those items. This will ensure each time the test is run, those items are excluded. Excluded items will also always be visible within the test on the monitoring page.

BEFORE DIVING IN

  • Admins, Information Security Leads, and DevOps Engineer have the ability to set exclusions.

  • For those with Compliance as Code, you can exclude items or recommended changes for a test. Ensure that you configured and connected your repository with in Drata.

    • To verify if you connected your Github repository, go to the Settings page and then Compliance as Code.

Exclude items from a test

Excluded items will no longer cause the test to fail. After excluding an item, you can run the test to view the changes that you made. You can also revert or re-include any exclusions made.

  1. Navigate to the 'Monitoring' page.

  2. Ensure you are on the Production tab, and select a failed test.

    • For Compliance as Code tests, select the Code or Pipeline tabs, and then select a failed test.

      • If you are excluding items from the Pipeline tab, select the Exclude findings button instead of the exclude icon (which is mention in the next steps).

  3. Within the drawer, scroll down to the Last test result section and ensure you are on the Included tab. You can exclude all items, multiple items, or just one item.

    • To exclude all items, select or checkmark the Select All option. Then, select the exclude icon ().

    • To exclude multiple items, select or check mark the items you want to exclude. Then, select the exclude icon.

    • To exclude one item, select the exclude icon that relates with the item you would like to exclude.

  4. Enter the reason for the exclusion then submit.

  5. Once you exclude an item, the item will be displayed in the Excluded tab. If there is not an Excluded tab, that means there is no exclusions.

For example, on this 'Public SSH Denied' test, a security group is listed that allows public SSH. There is a business reason for this allowance. To exclude an item, select the minus icon to the right of the item, and you'll be given a modal to provide a business rationale for the exclusion.

Re-include an exclusion

  1. Navigate to the 'Monitoring' page.

  2. Ensure you are on the Production tab, and select a failed test.

    • For those with Compliance as Code, select the Code tab, and then select a failed test.

  3. Within the drawer, scroll down to the Last test result section and ensure you are on the Excluded tab. If there is not an Excluded tab, that means there is no exclusions.

  4. Select the items you would like to include, and then select the addition icon ().

  5. You will see the modal where you provided business rationale for the exclusion prior. Select Reinclude to reinclude that item.

Did this answer your question?