Question 9
Domain 1
Your CI/CD pipeline runs Claude Code for automated PR review. After 3 weeks, you notice it is generating a high rate of false positive security warnings on legitimate patterns. What is the most effective fix?
Correct answer: B
Explanation
Claude Code uses the project root "CLAUDE.md" as persistent project guidance, so adding "known-safe patterns" and "project-specific security exceptions" gives it the context needed to reduce repeated false alarms. Including examples of false positive patterns helps the model distinguish legitimate code from risky behavior, which is the most effective way to tune review output over time.
Why each option is right or wrong
A. Increase the temperature parameter to make Claude less strict
Temperature changes output variability, not policy understanding or project-specific security context.
B. Add known-safe patterns and project-specific security exceptions to the project root CLAUDE.md, and include examples of false positive patterns to avoid
Claude Code reads the project-root CLAUDE.md as persistent, repo-specific guidance, so placing approved security exceptions and known-safe patterns there directly changes the review context for every run. That is the most targeted way to reduce repeated false positives in an automated PR-review workflow, because it teaches the model which recurring constructs are legitimate instead of relying on one-off prompt tweaks or manual suppression after each alert.
C. Switch to manual security review to avoid false positives
Manual review removes automation benefits instead of correcting the model’s repeated misunderstanding.
D. Remove security checks from the automated review entirely
Removing checks eliminates useful detection rather than improving precision on legitimate patterns.