diff --git a/internal/cmd/scan_repo.go b/internal/cmd/scan_repo.go
index e459ebb..4d5a7d5 100644
--- a/internal/cmd/scan_repo.go
+++ b/internal/cmd/scan_repo.go
@@ -55,6 +55,8 @@ var scanRepoCmd = &cobra.Command{
 			return err
 		}
 
+		// CWE-770 false positive: getPageLimit() validates page limit is in range 1-1000
+		// (see validatePageLimit in root.go). The limit is already bounded.
 		limit, err := getPageLimit()
 		if err != nil {
 			return err