Unsuppress Vulnerability Window
The Unsuppress Vulnerability window is displayed when you click the Unsuppress button for a given security vulnerability on the Suppressed Vulnerabilities Tab. (For information about accessing this window, see Viewing Suppressed Security Vulnerabilities.)
The Unsuppress Vulnerability window enables you to unsuppress the security vulnerability for one, some, or all of the component versions for which it was previously suppressed. The unsuppression process takes place at the system level of Code Insight, affecting all projects in your Code Insight instance.
Basically, this process reverses the effects of the vulnerability’s previous suppression so that the vulnerability is once again available for processing. It can be published in reports, counted in vulnerability totals at the project, inventory, and component levels, and automatically associated with inventory during future project scans and rescans in your Code Insight instance. For a complete description of the impact on Code Insight when you unsuppress a vulnerability, see Effects of Unsuppressing a Security Vulnerability.
Only a Code Insight System Administrator can unsuppress a vulnerability.
The following describes the fields and features on the Unsuppress Vulnerability window that enable you to unsuppress a given vulnerability.
| Category | Description |
| --- | --- |
| Vulnerability Id | (Not editable) The ID assigned to the vulnerability by the source that reported it (see the next field). Optionally, you can click the hyperlinked CVE ID in an entry to view the vulnerability details found on the NVD or other website: |
| Source | (Not editable) The research system or organization that reported the security vulnerability (for example, NVD, Secunia, or another advisory entity). |
| Severity | (Not editable) The level of security risk that this vulnerability can have on your software. The advisory system uses the vulnerability’s CVSS score to set the severity. See Understanding Severity Levels for Security Vulnerabilities. |
| CVSS v3.x (or v2.0) Score | (Not editable) The vulnerability’s CVSS score as determined by the advisory system. Depending on your Code Insight configuration, this score is in either CVSS 3.x or CVSS 2.0 format. For more information, see Understanding Severity Levels for Security Vulnerabilities. For a vulnerability found in the NVD, the UI also provides access to a CVSS calculator (provided by NVD). Using this calculator, you can tweak the factors that determined the NVD-based score to calculate another score that is more realistic for your product. This score can then be used internally to direct your review and remediation processes. For information about accessing the CVSS calculator, see the CVSS <version> Score description in Security Vulnerabilities Window. |
| Description | (Not editable) The vulnerability description, as captured from the advisory system. |
| Affected Component | (Not editable) The OSS or third-party component that is impacted by this security vulnerability. |
| Version Scope | (Required) Select the scope of component versions for which you want to unsuppress the vulnerability. By default, this option is initially selected. |
| Select Version(s) | (Enabled and required when Version Scope is Specific Suppressed Version(s)) From the dropdown list, select each version for which the vulnerability should be unsuppressed. The dropdown list shows only those versions for which the vulnerability is currently suppressed. If necessary, you can remove any of your version selections by clicking the small |
| Unsuppression Remarks | (Required) Enter all additional information pertinent to the unsuppression of the vulnerability for the component version(s). |
| Actions | The following buttons enact or discontinue the process of unsuppressing the vulnerability. |
| Unsuppress | (Enabled when all required fields have been completed) Click to unsuppress the security vulnerability for the specified component version(s). Then click OK in the pop-up to acknowledge that the vulnerability has been unsuppressed. |
| Close | Close the window without saving your input. |