Plugin only Exclusion management requires the ClawVitals plugin. See clawvitals.io/plugin →
Exclusions
Suppress findings that are intentional or not applicable to your setup.
When to use exclusions
Some findings may be expected in your environment. For example, if you intentionally run without a reverse proxy, NC-AUTH-001 will always fail but it may not be a real risk for your setup. Exclusions let you acknowledge a finding and remove it from your score and scheduled alerts.
⚠️ Exclusions affect your score. An excluded control is not counted as a failure, which will raise your score. Only exclude findings you've genuinely assessed and accepted.
Add an exclusion
The second argument is a reason it's stored with the exclusion so you can review it later. Always include a clear reason.
View exclusions
Lists all active exclusions with their control ID, reason, date added, and expiry (if set).
Exclusion expiry
Exclusions older than 90 days without an expiry date are flagged as stale in the detail report. This is a reminder to re-assess whether the exclusion is still valid it does not remove the exclusion automatically.
Exclusions and scheduled scans
Excluded controls are skipped in scheduled scan alerts. They still appear in the full detail report (run show clawvitals details) so you always have a complete picture.