Suppressed Vulnerabilities Tab

Code Insight 2021 R3

The Suppressed Vulnerabilities tab on the Data Library page lists the security vulnerabilities currently suppressed in your Code Insight instance. (The data is listed in a grid format.) This tab is visible only to Code Insight System Administrators. For more information about accessing this tab, see Viewing Suppressed Security Vulnerabilities.

For a newly installed Code Insight instance or a pre-2021 R3 instance migrated to the current instance, this page initially shows no suppressed security vulnerabilities. (However, the tab will list any vulnerability you subsequently suppress.)

The Suppressed Vulnerabilities tab provides the following information and features:

Suppressed Vulnerabilities Tab

Category

Column/Field

Description

Filter by

These fields enable you to filter the list of suppressed vulnerabilities. Select the filter type, either Vulnerability Id or Component Name, from the dropdown, and then enter the string by which to filter the list. For example, if you select Component Name and enter the string open, the list is filtered to those suppressed vulnerabilities associated with a component whose name contains “open”.

Details for each suppressed vulnerability

The following describes the details of each suppressed vulnerability listed in the grid. These details are not editable.

Vulnerability ID

The ID assigned to the vulnerability by the advisory system that reported it.

Click the icon next to the ID to display a pop-up containing details about the vulnerability. The details include:

Vulnerability ID—The ID assigned to the vulnerability by the source that reported it (see the next field).
Source—The advisory system that reported the vulnerability (for example, NVD or Secunia).
Severity—The level of security risk that this vulnerability can have on your software. The advisory system uses the vulnerability’s CVSS score to set the severity. See Understanding Severity Levels for Security Vulnerabilities.
Score—The vulnerability’s CVSS score as determined by the advisory system. Depending on your Code Insight configuration, this score is in either CVSS 3.x or CVSS 2.0 format. For a vulnerability found in the NVD, you can use a CVSS calculator to change the factors that determine the score and so adjust the score for your product. For more information about the advisory systems, the CVSS score formats, and the CVSS calculator, see Understanding Severity Levels for Security Vulnerabilities and Examining Security Vulnerability Details.
Description—A description of the vulnerability captured from the advisory system.

You can sort on this column alphabetically in ascending or descending order. By default, the IDs are listed in ascending order.

Affected component

The OSS or third-party component that is impacted by the vulnerability.

Affected versions

The one or more component versions for which the vulnerability is currently suppressed. If the versions are too numerous to list in the grid, the value ends with “...”. However, you can always mouse over the value to see the entire list of versions for which the vulnerability is suppressed.

Click the icon next to the value to display a pop-up window that shows suppression details for each listed version. For more information, see Suppressed Versions of <component> for <vulnerability> Window.

Actions

The following buttons and icons enable you to navigate and manage the Suppressed Vulnerabilities tab.

Refresh the vulnerability data on the tab.

Page controls

Move to the next or previous page or to the first or last page on the tab; or enter a specific page number in the Page field.

Note that the default page size is 100 vulnerability records.

Close

Exit the Suppressed Vulnerabilities tab.