feat: rename TRUE/FALSE POSITIVE terminology to ISSUE/NON_ISSUE

This change addresses the confusion between business domain terminology and ML classification metrics by introducing clear separation:
security analysis (ISSUE/NON_ISSUE)
ML evaluation (TRUE_POSITIVE/FALSE_POSITIVE) contexts.

Author: Yael-F

README.md

@@ -48,7 +48,7 @@ HuggingFace model ([all-mpnet-base-v2](https://huggingface.co/sentence-transform
 
 #### Evaluation
 - Applies metrics (from Ragas library) to assess the quality of model outputs.
-- **Note:** SAST-AI-Workflow is primarily focused on identifying false alarms (False Positives).
+- **Note:** SAST-AI-Workflow is primarily focused on identifying false alarms (Non-Issues).
 
 
 ## 🔌 Installation & Setup 

config/default_config.yaml

@@ -8,7 +8,7 @@ EMBEDDINGS_LLM_URL: "http://<<please-set-embedding-llm-url>>"
 EMBEDDINGS_LLM_MODEL_NAME: "embedding-llm-model"
 
 INPUT_REPORT_FILE_PATH: "/path/to/report.html"
-KNOWN_FALSE_POSITIVE_FILE_PATH: "/path/to/known_false_positives_file"
+KNOWN_NON_ISSUES_FILE_PATH: "/path/to/known_non_issues_file"
 OUTPUT_FILE_PATH: "/path/to/output_excel.xlsx"
 AGGREGATE_RESULTS_G_SHEET: ""
 HUMAN_VERIFIED_FILE_PATH: ""

deploy/Makefile

@@ -11,7 +11,7 @@ CO := oc  --context $(CONTEXT)
 
 # Pipeline parameters (overrideable on the CLI):
 REPO_REMOTE_URL                       ?= source/code/url
-FALSE_POSITIVES_URL              ?= false/positives/url
+NON_ISSUES_URL              ?= false/positives/url
 
 LLM_URL                          ?= http://<<please-set-llm-url>>
 LLM_MODEL_NAME                   ?= llm-model
@@ -168,13 +168,14 @@ run:
 		-e 's|PROJECT_NAME_PLACEHOLDER|$(PROJECT_NAME)|g' \
 		-e 's|PROJECT_VERSION_PLACEHOLDER|$(PROJECT_VERSION)|g' \
 		-e 's|REPO_REMOTE_URL_PLACEHOLDER|$(REPO_REMOTE_URL)|g' \
-		-e 's|FALSE_POSITIVES_URL_PLACEHOLDER|$(FALSE_POSITIVES_URL)|g' \
+		-e 's|NON_ISSUES_URL_PLACEHOLDER|$(NON_ISSUES_URL)|g' \
 		-e 's|LLM_URL_PLACEHOLDER|$(LLM_URL)|g' \
 		-e 's|LLM_MODEL_NAME_PLACEHOLDER|$(LLM_MODEL_NAME)|g' \
 		-e 's|EMBEDDINGS_LLM_URL_PLACEHOLDER|$(EMBEDDINGS_LLM_URL)|g' \
 		-e 's|EMBEDDINGS_LLM_MODEL_NAME_PLACEHOLDER|$(EMBEDDINGS_LLM_MODEL_NAME)|g' \
 		-e 's|INPUT_REPORT_FILE_PATH_PLACEHOLDER|$(INPUT_REPORT_FILE_PATH)|g' \
 		-e 's|AGGREGATE_RESULTS_G_SHEET_PLACEHOLDER|$(AGGREGATE_RESULTS_G_SHEET)|g' \
+		-e 's|USE_KNOWN_NON_ISSUES_FILE_PLACEHOLDER|$(USE_KNOWN_NON_ISSUES_FILE)|g' \
 		tekton/pipelinerun.yaml > tekton/pipelinerun-temp.yaml
 	@$(CO) apply -n $(NAMESPACE) -f tekton/pipelinerun-temp.yaml > /dev/null 2>&1
 	@rm -f tekton/pipelinerun-temp.yaml

deploy/README.md

@@ -117,7 +117,7 @@ make all PROJECT_NAME="systemd" \
  PROJECT_VERSION="257-9" \
  REPO_REMOTE_URL="https://download.devel.redhat.com/brewroot/vol/rhel-10/packages/systemd/257/9.el10/src/systemd-257-9.el10.src.rpm" \
  INPUT_REPORT_FILE_PATH="https://docs.google.com/spreadsheets/d/1NPGmERBsSTdHjQK2vEocQ-PvQlRGGLMds02E_RGF8vY/export?format=csv" \
- FALSE_POSITIVES_URL="https://gitlab.cee.redhat.com/osh/known-false-positives/-/raw/master/systemd/ignore.err"
+ NON_ISSUES_URL="https://gitlab.cee.redhat.com/osh/known-false-positives/-/raw/master/systemd/ignore.err"
 ```
 
 ### 6. Step-by-Step Alternative

deploy/tekton/pipeline.yaml

@@ -13,9 +13,9 @@ spec:
     - name: REPO_REMOTE_URL
       type: string
       description: "Source code URL (RPM package or Git repository URL)"
-    - name: FALSE_POSITIVES_URL
+    - name: NON_ISSUES_URL
       type: string
-      description: "GitLab repository URL for known false positives (optional)"
+      description: "GitLab repository URL for known non-issues (optional)"
     - name: INPUT_REPORT_FILE_PATH
       type: string
       description: "Google Spreadsheet URL or OSH report .html file path"
@@ -39,6 +39,10 @@ spec:
     - name: AGGREGATE_RESULTS_G_SHEET
       type: string
       default: "" 
+    - name: USE_KNOWN_NON_ISSUES_FILE
+      type: string
+      description: "Whether to use known non-issues file for filtering (true/false)"
+      default: "true"
     - name: GDRIVE_FOLDER_ID
       type: string
       description: "Google Drive folder ID for uploading SAST results (optional)"
@@ -67,8 +71,8 @@ spec:
           value: "$(params.REPO_REMOTE_URL)"
         - name: INPUT_REPORT_FILE_PATH
           value: "$(params.INPUT_REPORT_FILE_PATH)"
-        - name: FALSE_POSITIVES_URL
-          value: "$(params.FALSE_POSITIVES_URL)"
+        - name: NON_ISSUES_URL
+          value: "$(params.NON_ISSUES_URL)"
       workspaces:
         - name: google-sa-json-ws
           workspace: google-sa-json-ws
@@ -91,8 +95,8 @@ spec:
       taskRef:
         name: fetch-false-positives
       params:
-        - name: FALSE_POSITIVES_URL
-          value: "$(params.FALSE_POSITIVES_URL)"
+        - name: NON_ISSUES_URL
+          value: "$(params.NON_ISSUES_URL)"
       workspaces:
         - name: false-positives-workspace
           workspace: shared-workspace
@@ -125,8 +129,8 @@ spec:
           value: "$(params.EMBEDDINGS_LLM_MODEL_NAME)"
         - name: AGGREGATE_RESULTS_G_SHEET
           value: "$(params.AGGREGATE_RESULTS_G_SHEET)"
-        - name: USE_KNOWN_FALSE_POSITIVE_FILE
-          value: "$(params.USE_KNOWN_FALSE_POSITIVE_FILE)"
+        - name: USE_KNOWN_NON_ISSUES_FILE
+          value: "$(params.USE_KNOWN_NON_ISSUES_FILE)"
       workspaces:
         - name: source-workspace
           workspace: shared-workspace

deploy/tekton/pipelinerun.yaml

@@ -12,8 +12,8 @@ spec:
       value: "PROJECT_VERSION_PLACEHOLDER"
     - name: REPO_REMOTE_URL
       value: "REPO_REMOTE_URL_PLACEHOLDER"
-    - name: FALSE_POSITIVES_URL
-      value: "FALSE_POSITIVES_URL_PLACEHOLDER"
+    - name: NON_ISSUES_URL
+      value: "NON_ISSUES_URL_PLACEHOLDER"
     - name: LLM_URL
       value: "LLM_URL_PLACEHOLDER"
     - name: LLM_MODEL_NAME

deploy/tekton/tasks/execute_sast_ai_workflow.yaml

@@ -33,9 +33,9 @@ spec:
     - name: EMBEDDINGS_LLM_MODEL_NAME
       type: string
       default: ""
-    - name: USE_KNOWN_FALSE_POSITIVE_FILE
+    - name: USE_KNOWN_NON_ISSUES_FILE
       type: string
-      description: "Whether to use known false positive file for filtering (true/false)"
+      description: "Whether to use known non-issues file for filtering (true/false)"
       default: "true"
   workspaces:
     - name: source-workspace
@@ -53,10 +53,10 @@ spec:
           value: "$(params.PROJECT_VERSION)"
         - name: REPO_LOCAL_PATH
           value: "$(params.REPO_LOCAL_PATH)"
-        - name: KNOWN_FALSE_POSITIVE_FILE_PATH
+        - name: KNOWN_NON_ISSUES_FILE_PATH
           value: "$(workspaces.false-positives-workspace.path)/ignore.err"
-        - name: USE_KNOWN_FALSE_POSITIVE_FILE
-          value: "$(params.USE_KNOWN_FALSE_POSITIVE_FILE)"
+        - name: USE_KNOWN_NON_ISSUES_FILE
+          value: "$(params.USE_KNOWN_NON_ISSUES_FILE)"
         - name: INPUT_REPORT_FILE_PATH
           value: "$(params.INPUT_REPORT_FILE_PATH)"
         - name: AGGREGATE_RESULTS_G_SHEET

deploy/tekton/tasks/fetch_false_positives.yaml

@@ -4,9 +4,9 @@ metadata:
   name: fetch-false-positives
 spec:
   params:
-    - name: FALSE_POSITIVES_URL
+    - name: NON_ISSUES_URL
       type: string
-      description: "Optional GitLab URL containing known false positives"
+      description: "Optional GitLab URL containing known non-issues"
   workspaces:
     - name: false-positives-workspace
       description: "Workspace to store the downloaded ignore.err"
@@ -19,7 +19,7 @@ spec:
       script: |
         #!/usr/bin/env sh
         set -euo pipefail
-        FP_URL="$(params.FALSE_POSITIVES_URL)"
+        FP_URL="$(params.NON_ISSUES_URL)"
         if [ -z "$FP_URL" ]; then
           echo "No falsePositivesUrl provided; skipping fetch..."
           exit 0
@@ -31,11 +31,11 @@ spec:
             GITLAB_TOKEN=$(cat "$TOKEN_FILE")
             echo "GitLab token found. Fetching file with authentication..."
             curl --retry 3 --retry-delay 5 -k -H "PRIVATE-TOKEN: $GITLAB_TOKEN" -fL "$FP_URL" -o "$(workspaces.false-positives-workspace.path)/ignore.err" \
-              || (echo "Error: Could not fetch false positives file with token." && exit 1)
+              || (echo "Error: Could not fetch non-issues file with token." && exit 1)
         else
             echo "No GitLab token file found; attempting unauthenticated fetch..."
             curl --retry 3 --retry-delay 5 -k -fL "$FP_URL" -o "$(workspaces.false-positives-workspace.path)/ignore.err" \
-              || (echo "Error: Could not fetch false positives file unauthenticated." && exit 1)
+              || (echo "Error: Could not fetch non-issues file unauthenticated." && exit 1)
         fi
         if [ -f "$(workspaces.false-positives-workspace.path)/ignore.err" ]; then
           echo "Success"

deploy/tekton/tasks/validate_urls.yaml

@@ -10,9 +10,9 @@ spec:
     - name: INPUT_REPORT_FILE_PATH
       type: string
       description: "Google Spreadsheet URL or OSH report .html file path"
-    - name: FALSE_POSITIVES_URL
+    - name: NON_ISSUES_URL
       type: string
-      description: "GitLab URL containing known false positive issues"
+      description: "GitLab URL containing known non-issue cases"
   workspaces:
     - name: google-sa-json-ws
       description: "Workspace containing Google service account key file"
@@ -29,14 +29,14 @@ spec:
       image: curlimages/curl:latest
       script: |
         #!/usr/bin/env sh
-        FP_URL="$(params.FALSE_POSITIVES_URL)"
-        echo "Validating false positives URL: $FP_URL"
+        FP_URL="$(params.NON_ISSUES_URL)"
+        echo "Validating non-issues URL: $FP_URL"
         # If blank, skip. If not, ensure it's valid
         if [ -z "$FP_URL" ]; then
-          echo "No false positives URL provided; skipping validation."
+          echo "No non-issues URL provided; skipping validation."
           exit 0
         fi
-        curl -ksSfL "$FP_URL" || (echo "Error: False positives URL is invalid" && exit 1)
+        curl -ksSfL "$FP_URL" || (echo "Error: Non-issues URL is invalid" && exit 1)
 
     - name: validate-report-file
       image: 'python:3.11-slim'

docs/setup.md

@@ -114,14 +114,14 @@ podman run -d --name sast-ai-app \
 -e EMBEDDINGS_API_KEY=<your_key> \
 -e EMBEDDINGS_LLM_MODEL_NAME=<<embeddings-llm-model-name>> \
 -e INPUT_REPORT_FILE_PATH=https://docs.google.com/spreadsheets/d/<sheet-id> \
--e KNOWN_FALSE_POSITIVE_FILE_PATH=/path/to/ignore.err \
+-e KNOWN_NON_ISSUES_FILE_PATH=/path/to/ignore.err \
 -e OUTPUT_FILE_PATH=https://docs.google.com/spreadsheets/d/<sheet-id> \
 quay.io/ecosystem-appeng/sast-ai-workflow:latest
 ```
 Replace <your_key> with the actual LLM API key.
 
 > **Note:**  
-> Make sure the file paths required by the application (e.g., the HTML report, known false positives, etc.) point to the correct locations inside the container. For instance, if these files are copied into `/app`, update your configuration to reference `/app/<filename>` rather than the host paths.
+> Make sure the file paths required by the application (e.g., the HTML report, known non-issues, etc.) point to the correct locations inside the container. For instance, if these files are copied into `/app`, update your configuration to reference `/app/<filename>` rather than the host paths.
 > 
 > If you ever need to run an interactive shell in your container (overriding the default entrypoint), use:
 > 
@@ -146,7 +146,7 @@ environment variables.
 | EMBEDDINGS_LLM_URL             | http://\<<please-set-embedding-llm-url\>> | ✔             | https://integrate.api.nvidia.com/v1        | URL of the embedding model endpoint.                                                                                              |
 | EMBEDDINGS_LLM_MODEL_NAME      | \<<please-set-embeddings-llm-model-name\>>| ✔             | all-mpnet-base-v2                          | Model used for generating embeddings.                                                                                            |
 | INPUT_REPORT_FILE_PATH         | /path/to/report.html                      | ✔             | /path/to/report.html or https://docs.google.com/spreadsheets/d/\<sheet-id\> | Path to the SAST HTML report or URL of a Google Sheet containing the report.                                                                                                        |
-| KNOWN_FALSE_POSITIVE_FILE_PATH | /path/to/ignore.err                       | ✔             | /path/to/ignore.err                        | Path to the file containing known false positives data.                                                                          |
+| KNOWN_NON_ISSUES_FILE_PATH | /path/to/ignore.err                       | ✔             | /path/to/ignore.err                        | Path to the file containing known non-issues data.                                                                          |
 | OUTPUT_FILE_PATH               | /path/to/output_excel.xlsx                | ✔             | /path/to/output.xlsx                       | Path where the generated Excel report will be saved.                                                                             |
 | LIBCLANG_PATH                  | /path/to/libclang                         | ✔             | /usr/lib/llvm-12/lib/libclang.so           | Path of to your libclang location.                                                                                               |
 | COMPILE_COMMANDS_JSON_PATH     | /path/to/compile_commands.json            |               | /path/to/compile_commands.json             | Path to the generated `compile_commands.json` file for the analyzed project. Required only for C projects. |
@@ -155,7 +155,7 @@ environment variables.
 | CHUNK_SEPARATORS               | ["\n\n", "\n", ".", ";", ",", " ", ""]    |               | ["\n\n", "\n", ".", ";"]                   | Ordered list of separators to use when splitting text into chunks.                                                               |
 | CONFIG_H_PATH                  | /path/to/config.h                         |               | /path/to/config.h                          | *(Optional)* Path to the generated `config.h` containing macro definitions. Used for accurate Clang parsing, but not strictly required. |
 | SERVICE_ACCOUNT_JSON_PATH      | ""                                        |               | /path/to/sheet-access-bot-abc123.json      | Path to the JSON file for the Google service account used to access Google Sheets. Mandatory only if using a Google Sheet as input. |
-| USE_KNOWN_FALSE_POSITIVE_FILE  | true                                      |               | true                                       | Flag indicating whether to use the known false positives file in the pipeline as an input.                                       |
+| USE_KNOWN_NON_ISSUES_FILE  | true                                      |               | true                                       | Flag indicating whether to use the known non-issues file in the pipeline as an input.                                       |
 | SIMILARITY_ERROR_THRESHOLD     | 2                                         |               | 3                                          | Number of Documents to return from known issues DB.                                                                              |
 | MAX_ANALYSIS_ITERATIONS     | 2                                            |               | 3                                          | Maximum number of analysis loops allowed for any single issue.  |
 | WRITE_RESULTS_INCLUDE_NON_FINAL        | true                                      |               | true                                       | Whether to include issues with is_final="FALSE"                                                           |