Suppressed Vulnerabilities Tab
The Suppressed Vulnerabilities tab on the Data Library page lists the security vulnerabilities currently suppressed in your Code Insight instance. (The data is listed in a grid format.) This tab is visible to only Code Insight System Administrators. For more information about accessing this tab, see Viewing Suppressed Security Vulnerabilities.
For a newly installed Code Insight instance or an pre-2021 R3 instance migrated to the current instance, this page initially shows no suppressed security vulnerabilities. (However, the tab will list any vulnerability you subsequently suppress.)
The Suppressed Vulnerabilities tab provides the following information and features:
|
Category |
Column/Field |
Description |
|||||||||||||||
|
Filter by |
These fields enable you to filter the list of suppressed vulnerabilities. Select the filter type, either Vulnerability Id or Component Name, from the dropdown list; and then enter the string by which to filter the list. For example, if you select Component Name and enter the string open, the list will filter to those suppressed vulnerabilities associated with a component whose name contains “open”. |
||||||||||||||||
|
Details for each suppressed vulnerability |
The following describes the details of each suppressed vulnerability listed in the grid. These details are not editable. The Action column includes the button used to unsuppress the given vulnerability. |
||||||||||||||||
|
|
Vulnerability ID |
The ID assigned to the vulnerability by the advisory system that reported it. Click
For a vulnerability found in the NVD, the UI also provides access to a CVSS calculator (provided by NVD). Using this calculator, you can tweak the factors that determined the NVD-based score to calculate another score that is more realistic for your product. This score can then be used internally to direct your review and remediation processes. For information about accessing the CVSS calculator, see the CVSS <version> Score description in Security Vulnerabilities Window.
You can sort on this column alphabetically in ascending or descending order. By default, the IDs are listed in ascending order. |
|||||||||||||||
|
|
Affected component |
The OSS or third-party component that is impacted by the vulnerability. |
|||||||||||||||
|
Affected versions |
The one or more component versions for which the vulnerability is currently suppressed. If the versions are too numerous list in the grid, the value ends with “...”. However, you can always mouse-over the value to see the entire list of versions for which the vulnerability is suppressed. Click |
||||||||||||||||
|
Action |
Click Unsuppress to unsuppress the vulnerability for one or more of the component versions for which it is suppressed. The Unsuppress Vulnerability Window is displayed to walk you through the process. When you return to this window, the component versions for which you unsuppressed the vulnerability are no longer displayed. (If all the component versions for which the vulnerability was previously suppressed are now unsuppressed, the vulnerability is no longer listed on this window.) |
||||||||||||||||
|
Actions |
The following buttons and icons enable you to navigate and manage the Suppressed Vulnerabilities tab. |
||||||||||||||||
|
|
Refresh the vulnerability data on the tab. |
||||||||||||||||
|
Page controls |
Move to the next or previous page or to the first or last page on the tab; or enter a specific page number in the Page field. Note that the default page size is 100 vulnerability records. |
||||||||||||||||
|
Close |
Exit the Suppressed Vulnerabilities tab. |
||||||||||||||||
next to the ID to display a pop-up containing details about the vulnerability. The details include:
next to the value to display a pop-up window that shows suppression details for each listed version. For more information, see 