diff --git a/host_modules/docker_service.py b/host_modules/docker_service.py
index ba4730d2..4f69c547 100644
--- a/host_modules/docker_service.py
+++ b/host_modules/docker_service.py
@@ -185,6 +185,7 @@ def _validate_command(command):
                 return errno.EPERM, "Command {} is not allowed.".format(command)
 
             # nosemgrep: python.docker.security.audit.docker-arbitrary-container-run.docker-arbitrary-container-run
+            # Semgrep cannot detect validation code.
             container = client.containers.run(image, command, **kwargs)
             return 0, "Container {} has been started.".format(container.name)
         except docker.errors.ImageNotFound: