Effects of Suppressing a Vulnerability for a Given Project

Once a vulnerability is suppressed for a component version at the project level, it is no longer counted on the dashboard for the project and in the Vulnerabilities bar graph for a previously impacted inventory item. Additionally, subsequently generated API responses do not reflect the suppressed vulnerability.

Likewise, the actual vulnerability is no longer visible in the list of vulnerabilities on the Security Vulnerabilities tab (which is opened when you click the Vulnerabilities bar graph for a previously impacted inventory item). However, you can view the suppressed vulnerability on the Project subtab of the Suppressed Vulnerabilities tab on the Data Library page (see Viewing Security Vulnerabilities for a Specific Component Version at the Project Level).

The following describes the additional impact that a security vulnerability suppressed for a specific component version at the project level has on other features of Code Insight:

Advanced Search on the Analysis Workbench, Project Inventory tab and Inventory View—When an inventory search is based on the vulnerability name or severity, the results do not include any inventory item that is associated with the component version for which the vulnerability is suppressed in the project.
Alerts—The open alert for the suppressed vulnerability is automatically closed in the project, and the open and closed alert counts are adjusted on the Project Inventory tab, in the Analysis Workbench, and on the Inventory view.

Note: If, after suppressing a vulnerability, you want to change the status or priority of the alert for the impacted inventory item in the project, see Managing Security Vulnerability Alerts.

Subsequent scans and rescans—Once a vulnerability is suppressed, it is no longer reflected in the results of subsequent rescans and initial scans, whether incremental or full, on the project.
Vulnerability currently suppressed at project level later suppressed globally—If a vulnerability currently suppressed at the project level is later part of a global suppression of the vulnerability, it is removed from the Project subtab and added to the Global subtab of the Suppressed Vulnerabilities tab on the Data Library page. The vulnerability remains suppressed for the specified component version in the project; what changes is the scope of the suppression. It is unsuppressed at the project level (and its exclusion analysis is deleted) and then suppressed at the global level, along with all other inventory associated with this same component version across projects in Code Insight.