Overview of the Global Suppression and Unsuppression of a Vulnerability
For various reasons, your site might want to suppress—that is, hide—a security vulnerability that is associated with one or more component versions used by inventory across projects in Code Insight. (You specify the versions for which to suppress the vulnerability.) For example, maybe you have taken remedial steps to protect your code against the vulnerability. Perhaps the vulnerability affects a part of the component code not used in your product or products. Or maybe the vulnerability has proven to be a “false positive” (that is, incorrectly associated with a component version).
Any vulnerability can be suppressed globally, including a custom vulnerability, a vulnerability reported in scan results, or a vulnerability detected during an Electronic Update or the daily Library Refresh (and for which an alert is generated for each impacted inventory item). Once the vulnerability is suppressed for specified component versions, it is no longer visible for those component versions in the user interface (except on the Suppressed Vulnerabilities Tab), no longer published in reports, no longer counted in vulnerability totals for component versions, inventory, and projects, and no longer applied to inventory during future project scans across Code Insight.
Should you later determine that a vulnerability suppressed globally does impact your product code, you can unsuppress it for one, some, or all component versions. Once unsuppressed, the vulnerability is again visibly associated with impacted inventory, and the other effects of its previous suppression are reversed.