diff --git a/src/zap.conf b/src/zap.conf
index 1f9e831fb..adf51c72c 100644
--- a/src/zap.conf
+++ b/src/zap.conf
@@ -32,7 +32,7 @@
 # get-gov.js contains suspicious word "from" as in `Array.from()`
 10027	OUTOFSCOPE	http://app:8080/public/js/get-gov.js
 # Ignore wording of "TODO"
-10027	OUTOFSCOPE	http://app:8080/todo
+10027   OUTOFSCOPE  http://app:8080/todo
 10028	FAIL	(Open Redirect - Passive/beta)
 10029	FAIL	(Cookie Poisoning - Passive/beta)
 10030	FAIL	(User Controllable Charset - Passive/beta)