{"id":380,"date":"2025-06-24T05:57:52","date_gmt":"2025-06-24T05:57:52","guid":{"rendered":"https:\/\/sreschool.com\/blog\/?p=380"},"modified":"2025-06-24T05:57:53","modified_gmt":"2025-06-24T05:57:53","slug":"comprehensive-devsecops-tutorial-on-suppression-rules","status":"publish","type":"post","link":"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/","title":{"rendered":"Comprehensive DevSecOps Tutorial on Suppression Rules"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">\ud83d\udcd8 <strong>Introduction &amp; Overview<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd0d What are Suppression Rules?<\/h4>\n\n\n\n<p>In the context of DevSecOps, <strong>Suppression Rules<\/strong> are configurations that instruct security tools to ignore specific types of alerts, vulnerabilities, or behaviors\u2014either temporarily or permanently\u2014based on predefined criteria. These rules are used to reduce noise from false positives or accepted risks, streamlining incident response and enabling teams to focus on real security threats.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd70\ufe0f History or Background<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Suppression rules emerged alongside <strong>SIEM (Security Information and Event Management)<\/strong> systems and <strong>static\/dynamic analysis tools<\/strong>.<\/li>\n\n\n\n<li>Initially used in <strong>IDS\/IPS systems<\/strong> (e.g., Snort, Suricata), they have evolved to cover code scanning, infrastructure monitoring, and container security tools in modern DevSecOps pipelines.<\/li>\n\n\n\n<li>With the growing adoption of <strong>shift-left security<\/strong>, suppression rules became essential for ensuring developer productivity without compromising on compliance.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 Why is it Relevant in DevSecOps?<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Helps in <strong>prioritizing real 
issues<\/strong> while avoiding alert fatigue.<\/li>\n\n\n\n<li>Maintains <strong>CI\/CD velocity<\/strong> by bypassing known non-critical vulnerabilities.<\/li>\n\n\n\n<li>Supports <strong>governance and audit trails<\/strong> by documenting exceptions clearly.<\/li>\n\n\n\n<li>Enables <strong>granular control<\/strong> over alerting systems integrated across the DevSecOps toolchain.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udde0 <strong>Core Concepts &amp; Terminology<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd11 Key Terms and Definitions<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Term<\/th><th>Definition<\/th><\/tr><\/thead><tbody><tr><td><strong>Suppression Rule<\/strong><\/td><td>A defined condition that filters or ignores specific security alerts.<\/td><\/tr><tr><td><strong>False Positive<\/strong><\/td><td>An incorrect alert that signals an issue where none exists.<\/td><\/tr><tr><td><strong>Risk Acceptance<\/strong><\/td><td>A decision to acknowledge and not mitigate a known vulnerability.<\/td><\/tr><tr><td><strong>Alert Fatigue<\/strong><\/td><td>The desensitization that occurs when teams are overwhelmed by frequent alerts.<\/td><\/tr><tr><td><strong>Justification<\/strong><\/td><td>A rationale behind suppressing an alert, often used for audit logs.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd04 How it Fits into the DevSecOps Lifecycle<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>DevSecOps Stage<\/th><th>Role of Suppression Rules<\/th><\/tr><\/thead><tbody><tr><td><strong>Plan<\/strong><\/td><td>Document risk exceptions from threat modeling.<\/td><\/tr><tr><td><strong>Develop<\/strong><\/td><td>Suppress alerts in SAST tools (e.g., 
SonarQube).<\/td><\/tr><tr><td><strong>Build\/Test<\/strong><\/td><td>Ignore known issues during automated scans.<\/td><\/tr><tr><td><strong>Release<\/strong><\/td><td>Ensure deployments are not blocked by low-severity issues.<\/td><\/tr><tr><td><strong>Monitor<\/strong><\/td><td>Suppress alerts in runtime monitoring tools (e.g., Falco).<\/td><\/tr><tr><td><strong>Respond<\/strong><\/td><td>Focus incident response on valid alerts.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfd7\ufe0f <strong>Architecture &amp; How It Works<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd27 Components and Internal Workflow<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Security Tool or Scanner<\/strong>\n<ul class=\"wp-block-list\">\n<li>Generates alerts during scanning or runtime.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Suppression Engine or Rule Manager<\/strong>\n<ul class=\"wp-block-list\">\n<li>Matches alerts against suppression criteria.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Configuration File or GUI Interface<\/strong>\n<ul class=\"wp-block-list\">\n<li>Stores the rules as YAML or JSON files, or through a UI.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Audit Logger<\/strong>\n<ul class=\"wp-block-list\">\n<li>Records which alerts were suppressed and why.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd01 Workflow Overview<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>&#091;Security Scanner] \u2192 &#091;Alert] \u2192 &#091;Suppression Engine] \u2192 \n\u2192 &#091;Match Rule?] 
\u2192 &#091;Yes \u2192 Suppress] \/ &#091;No \u2192 Forward Alert] \u2192 &#091;Audit Trail]\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udcca Architecture Diagram (Textual)<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>+-------------------+      +---------------------+      +----------------+\n|   Security Tool   | ---&gt; | Suppression Engine  | ---&gt; | Alerting Tool  |\n+-------------------+      +---------------------+      +----------------+\n                                  |                          \u2191\n                                  \u2193                          |\n                          +----------------+         +---------------+\n                          | Suppression DB |&lt;--------| Audit Logger  |\n                          +----------------+         +---------------+\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd0c Integration Points with CI\/CD and Cloud Tools<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CI\/CD Tools<\/strong>: GitHub Actions, GitLab CI, Jenkins (via plugins or config files).<\/li>\n\n\n\n<li><strong>Code Scanners<\/strong>: SonarQube, Checkmarx, Snyk, Gitleaks.<\/li>\n\n\n\n<li><strong>Container Tools<\/strong>: Trivy, Aqua Security, Prisma Cloud.<\/li>\n\n\n\n<li><strong>SIEM Systems<\/strong>: Splunk, ELK, Wazuh.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\ude80 <strong>Installation &amp; Getting Started<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83e\uddf0 Basic Setup or Prerequisites<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A working CI\/CD environment (e.g., Jenkins, GitHub Actions).<\/li>\n\n\n\n<li>Security tools integrated (e.g., SonarQube, Trivy, Falco).<\/li>\n\n\n\n<li>Admin access to configure suppression rules.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udee0\ufe0f Hands-on Setup Guide: Trivy + Suppression Rules 
Example<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Install Trivy<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>brew install aquasecurity\/trivy\/trivy\n<\/code><\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Create a Suppression File (<code>.trivyignore.yaml<\/code>)<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code># Ignore a known CVE in a specific package\n# Trivy parses the ignore file as YAML only when its name ends in .yaml or .yml\nvulnerabilities:\n  - id: CVE-2023-1111\n    paths:\n      - \"node_modules\/express\/package.json\"\n    statement: \"Known issue, risk accepted\"\n<\/code><\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>Run Trivy Scan with Suppression<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code># --ignore-unfixed is a command-line flag, not a key in the ignore file\ntrivy fs --ignore-unfixed --ignorefile .trivyignore.yaml .\n<\/code><\/pre>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>Verify Results<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code># Suppressed alerts should not appear in the output\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udf0d <strong>Real-World Use Cases<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1. <strong>Suppressing False Positives in Static Code Analysis<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tool: <strong>SonarQube<\/strong><\/li>\n\n\n\n<li>Rule: Suppress &#8220;hardcoded secret&#8221; alert in test files only.<\/li>\n\n\n\n<li>Benefit: Reduces developer frustration, avoids alert fatigue.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2. 
<strong>Known Vulnerability in Legacy Library<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tool: <strong>Trivy or Snyk<\/strong><\/li>\n\n\n\n<li>Rule: Suppress <code>CVE-XXXX-YYYY<\/code> for a specific Docker image.<\/li>\n\n\n\n<li>Justification: Vendor patch pending, risk deemed low.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">3. <strong>Compliance Reporting in Healthcare<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tool: <strong>Falco (runtime security)<\/strong><\/li>\n\n\n\n<li>Rule: Suppress non-critical access logs from specific IPs (e.g., whitelisted users).<\/li>\n\n\n\n<li>Benefit: Maintains HIPAA compliance while reducing SIEM noise.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">4. <strong>CI\/CD Pipeline Continuity<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tool: <strong>GitLab CI<\/strong><\/li>\n\n\n\n<li>Rule: Allow deployment if only low-severity issues are detected.<\/li>\n\n\n\n<li>Integration: YAML rules in <code>.gitlab-ci.yml<\/code>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\u2696\ufe0f <strong>Benefits &amp; Limitations<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 Key Advantages<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Improves signal-to-noise ratio<\/strong><\/li>\n\n\n\n<li><strong>Maintains developer velocity<\/strong><\/li>\n\n\n\n<li><strong>Supports risk-based approach<\/strong><\/li>\n\n\n\n<li><strong>Allows compliance traceability<\/strong><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\u274c Common Limitations<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Risk of missing real threats<\/strong><\/li>\n\n\n\n<li><strong>Suppression file mismanagement<\/strong><\/li>\n\n\n\n<li><strong>Lack of standardization across tools<\/strong><\/li>\n\n\n\n<li><strong>Auditors may challenge justifications<\/strong><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator 
has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udee1\ufe0f <strong>Best Practices &amp; Recommendations<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd10 Security Tips<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Limit who can define suppression rules.<\/li>\n\n\n\n<li>Tie each suppression to a documented business decision.<\/li>\n\n\n\n<li>Use expiration timestamps for temporary suppressions.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\u2699\ufe0f Performance &amp; Maintenance<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Periodically review and clean up stale rules.<\/li>\n\n\n\n<li>Automate rule validation as part of CI\/CD.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udcdc Compliance Alignment<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Include justification and duration fields.<\/li>\n\n\n\n<li>Ensure audit logs are immutable and versioned.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83e\udd16 Automation Ideas<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Auto-close tickets for suppressed issues in JIRA.<\/li>\n\n\n\n<li>CI\/CD checks that enforce suppression file syntax and expiration.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd04 <strong>Comparison with Alternatives<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Feature<\/th><th>Suppression Rules<\/th><th>Alert Tuning<\/th><th>Risk-Based Triage<\/th><\/tr><\/thead><tbody><tr><td>Granularity<\/td><td>High<\/td><td>Medium<\/td><td>Low<\/td><\/tr><tr><td>Manual Overhead<\/td><td>Medium<\/td><td>Low<\/td><td>High<\/td><\/tr><tr><td>Auditability<\/td><td>High<\/td><td>Low<\/td><td>Medium<\/td><\/tr><tr><td>CI\/CD Integration<\/td><td>Native<\/td><td>Partial<\/td><td>Manual<\/td><\/tr><tr><td>Recommended for<\/td><td>Known Issues<\/td><td>Noise Tuning<\/td><td>Dynamic 
Prioritization<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83c\udd9a When to Choose Suppression Rules<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Known false positives or accepted risks.<\/li>\n\n\n\n<li>Repeat alerts from legacy systems.<\/li>\n\n\n\n<li>Tools that support structured suppression files (e.g., Trivy, SonarQube).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfc1 <strong>Conclusion<\/strong><\/h3>\n\n\n\n<p>Suppression rules are a <strong>cornerstone of practical DevSecOps<\/strong>, balancing security rigor with engineering productivity. When implemented with discipline and transparency, they reduce operational noise, protect developer time, and maintain compliance integrity.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udcc8 Future Trends<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AI-powered suppression recommendations.<\/li>\n\n\n\n<li>Centralized suppression managers across tools.<\/li>\n\n\n\n<li>Policy-as-code for suppression governance.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ud83d\udcd8 Introduction &amp; Overview \ud83d\udd0d What are Suppression Rules? 
In the context of DevSecOps, Suppression Rules are configurations that instruct [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-380","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Comprehensive DevSecOps Tutorial on Suppression Rules - SRE School<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Comprehensive DevSecOps Tutorial on Suppression Rules - SRE School\" \/>\n<meta property=\"og:description\" content=\"\ud83d\udcd8 Introduction &amp; Overview \ud83d\udd0d What are Suppression Rules? In the context of DevSecOps, Suppression Rules are configurations that instruct [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/\" \/>\n<meta property=\"og:site_name\" content=\"SRE School\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-24T05:57:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-24T05:57:53+00:00\" \/>\n<meta name=\"author\" content=\"priteshgeek\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"priteshgeek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/\",\"url\":\"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/\",\"name\":\"Comprehensive DevSecOps Tutorial on Suppression Rules - SRE School\",\"isPartOf\":{\"@id\":\"https:\/\/sreschool.com\/blog\/#website\"},\"datePublished\":\"2025-06-24T05:57:52+00:00\",\"dateModified\":\"2025-06-24T05:57:53+00:00\",\"author\":{\"@id\":\"https:\/\/sreschool.com\/blog\/#\/schema\/person\/6a53e3870889dd6a65b2e04b7bc3d7db\"},\"breadcrumb\":{\"@id\":\"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sreschool.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Comprehensive DevSecOps Tutorial on Suppression Rules\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sreschool.com\/blog\/#website\",\"url\":\"https:\/\/sreschool.com\/blog\/\",\"name\":\"SRESchool\",\"description\":\"Master SRE. Build Resilient Systems. 
Lead the Future of Reliability\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sreschool.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/sreschool.com\/blog\/#\/schema\/person\/6a53e3870889dd6a65b2e04b7bc3d7db\",\"name\":\"priteshgeek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/sreschool.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g\",\"caption\":\"priteshgeek\"},\"url\":\"https:\/\/sreschool.com\/blog\/author\/priteshgeek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Comprehensive DevSecOps Tutorial on Suppression Rules - SRE School","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/","og_locale":"en_US","og_type":"article","og_title":"Comprehensive DevSecOps Tutorial on Suppression Rules - SRE School","og_description":"\ud83d\udcd8 Introduction &amp; Overview \ud83d\udd0d What are Suppression Rules? 
In the context of DevSecOps, Suppression Rules are configurations that instruct [&hellip;]","og_url":"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/","og_site_name":"SRE School","article_published_time":"2025-06-24T05:57:52+00:00","article_modified_time":"2025-06-24T05:57:53+00:00","author":"priteshgeek","twitter_card":"summary_large_image","twitter_misc":{"Written by":"priteshgeek","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/","url":"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/","name":"Comprehensive DevSecOps Tutorial on Suppression Rules - SRE School","isPartOf":{"@id":"https:\/\/sreschool.com\/blog\/#website"},"datePublished":"2025-06-24T05:57:52+00:00","dateModified":"2025-06-24T05:57:53+00:00","author":{"@id":"https:\/\/sreschool.com\/blog\/#\/schema\/person\/6a53e3870889dd6a65b2e04b7bc3d7db"},"breadcrumb":{"@id":"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/sreschool.com\/blog\/comprehensive-devsecops-tutorial-on-suppression-rules\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sreschool.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Comprehensive DevSecOps Tutorial on Suppression Rules"}]},{"@type":"WebSite","@id":"https:\/\/sreschool.com\/blog\/#website","url":"https:\/\/sreschool.com\/blog\/","name":"SRESchool","description":"Master SRE. Build Resilient Systems. 
Lead the Future of Reliability","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sreschool.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en"},{"@type":"Person","@id":"https:\/\/sreschool.com\/blog\/#\/schema\/person\/6a53e3870889dd6a65b2e04b7bc3d7db","name":"priteshgeek","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/sreschool.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/231a0e8b7a02636f2fbacf8dcf4494cb1cc0d49ecc9a8165fbaeaeeaf102641a?s=96&d=mm&r=g","caption":"priteshgeek"},"url":"https:\/\/sreschool.com\/blog\/author\/priteshgeek\/"}]}},"_links":{"self":[{"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/posts\/380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/comments?post=380"}],"version-history":[{"count":1,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/posts\/380\/revisions"}],"predecessor-version":[{"id":382,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/posts\/380\/revisions\/382"}],"wp:attachment":[{"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/media?parent=380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/categories?post=380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sreschool.com\/blog\/wp-json\/wp\/v2\/tags?post=380"}],"curies":[{"name":"wp","href":"https:\/\/api.w
.org\/{rel}","templated":true}]}}