Effects of Unsuppressing a Globally Suppressed Security Vulnerability
When you unsuppress a security vulnerability, the effects of the vulnerability’s previous suppression are reversed. That is, once a vulnerability is unsuppressed for a specific component version, it is now counted in vulnerability totals and is visibly listed at the project, inventory, and component-version levels. The count increase is evident on the project dashboards and on the Vulnerabilities bar graphs in the Web UI, as well as in subsequently generated API responses and reports (Project and Audit). Likewise, the actual vulnerability is now visible in the list of vulnerabilities on the Security Vulnerabilities window (which is opened when you click a Vulnerabilities bar graph) and in API responses or reports.
The following describes the impact that unsuppressing a security vulnerability has on other features of Code Insight:
• Advanced Search on the Project Inventory tab and Inventory View—When an inventory search is based on the vulnerability name or severity, the results now list any inventory items that are associated with the unsuppressed vulnerability.
• Alerts—Any alerts that were automatically closed by the previous suppression of the vulnerability are automatically reopened. Open and closed alert counts are adjusted to reflect the change on the Project Inventory tab, in the Analysis Workbench, and on the Inventory View.
Note: If, after unsuppressing a vulnerability globally, you want to change the status or priority of the alert for an impacted inventory item in a given project, see Managing Security Vulnerability Alerts.
• Policies—Once a security vulnerability is unsuppressed, no changes are initially propagated to the review policies that are based on vulnerabilities. However, each time one of these policies is triggered thereafter (that is, when an inventory item is published), the policy now takes the vulnerability into account when determining whether to automatically approve or reject the published inventory item.
Additionally, a change in policy due to the unsuppression of a vulnerability does not change the existing approval/rejection status of a published inventory item unless the item is manually recalled and then republished.
• Subsequent scans and rescans—Once a vulnerability is unsuppressed, it is reflected in the results of subsequent rescans and initial scans, whether incremental or full.