Configuration

Tune scan profiles, report output, cache, vulnerability data, and policies.

Create config

Use `radar init` to create a starter configuration, then adjust it per project.

```sh
radar init
radar scan . --config .radar.toml
```

Exclude reviewed false positives

Use finding exclusions for reviewed false positives. They work in local scans, MCP tools, pre-commit hooks, and GitHub Actions because the scanner marks matching findings as suppressed before scorecards and gates are computed.

```toml
[[exclusions.findings]]
rule_id = "SEC-SQLI-001"
path = "src/generated/**"
reason = "Generated query builder reviewed manually"

[[exclusions.findings]]
fingerprint = "finding-fingerprint-from-json"
reason = "False positive confirmed in review"
```