Skip to main content

infraguard waiver

Manage rule waivers (suppressions). Waivers let you knowingly suppress specific violations with a reason and an optional expiry date. See the Waivers guide for concepts and the waiver-file format.

Subcommands

list

List all waivers and their status (active / expired / permanent):

infraguard waiver list
infraguard waiver list --waivers ./path/to/waivers.yaml

lint

Validate the waiver file — flags missing reasons, unknown rules, invalid or expired dates:

infraguard waiver lint
infraguard waiver lint --rules-dir ./policies/rules # also recognize custom rules

lint exits non-zero when there are errors (e.g. a missing reason), making it suitable for a pre-commit hook or CI gate on the waiver file itself.

Flags

FlagDescriptionDefault
--waiversPath to the waiver fileauto-detect .infraguard/waivers.yaml
--rules-dir(lint) Also treat rules under this directory as known

Waivers are applied during infraguard scan. The relevant flags are:

FlagDescriptionDefault
--waiversPath to the waiver fileauto-detect
--no-waiversIgnore all waivers (inline comments and file)false
--show-waivedShow waived violations instead of hiding themfalse
--fail-on-expiredTreat expired waivers as real violationstrue

See infraguard scan and the Waivers guide.