Question 22
Domain 3
Your code review pipeline produces structured findings that developers frequently dismiss as false positives. You want to systematically improve the pipeline's precision over time. Which schema addition enables this analysis?
Correct answer: B
Explanation
Adding a "detected_pattern" field lets each finding be grouped by the code construct that triggered it, so dismissed results can be analyzed by pattern over time. That supports precision tuning because repeated dismissals of the same pattern identify likely false positives and show where the pipeline needs refinement.
Why each option is right or wrong
A. Add a `severity: "critical" | "high" | "medium" | "low"` field to filter out low-severity findings before display
Severity ranks impact, but it does not reveal which detection logic causes repeated false positives.
B. Add a `detected_pattern` field to each finding that names the code construct that triggered the finding (e.g., `"eval_in_userland"`, `"unvalidated_redirect"`); when developers dismiss findings, analyze which patterns are dismissed most frequently to identify false positive candidates
The schema needs a stable discriminator for the underlying trigger, not just the human-readable finding text, so adding a `detected_pattern` field lets you aggregate dismissals by construct and measure which trigger classes are producing the most false positives. In practice, that means you can compute dismissal rates per pattern over time and prioritize the highest-dismissed patterns for rule refinement, rather than treating all findings as a single undifferentiated stream.
C. Add a `model_confidence: number` field and only show findings where confidence > 0.8
Confidence thresholds hide findings, but dismissed-pattern analysis needs traceable causes, not just scores.
D. Add a `fix_suggestion: string` field so developers can accept the fix with one click instead of dismissing
Fix suggestions improve workflow convenience, but they do not explain why developers dismiss findings.