Viewing All Vulnerabilities Suppressed for Projects at the Project Level
The following procedure describes how to obtain a view of all security vulnerabilities that were suppressed for projects at the project level (that is, using the procedure in Performing an Exclusion Analysis for and Suppressing a Vulnerability for a Given Project). Any Code Insight user can access this view.
Note:The Unsuppress button is enabled in the Action column for only those vulnerabilities that you have permissions to unsuppress. You can click this button to unsuppress the vulnerability or simply update its current analysis information. For more information, see Updating the Analysis for a Vulnerability Suppressed at the Project Level. For all other users, this button is disabled.
To obtain a view of all vulnerabilities suppressed at the individual project level in Code Insight, do the following:
|
1.
|
Click the following icon in the upper right corner of the Code Insight web page to open the Code Insight main menu: |
|
2.
|
Select DATA LIBRARY from the menu to open the Data Library page. |
|
3.
|
Select Suppressed Vulnerabilities tab to view the list of the currently suppressed security vulnerabilities in Code Insight. |
|
4.
|
Click the Project subtab to view the list of all vulnerabilities suppressed for projects at the project level. |
From this tab, you can review the following information about each suppressed vulnerability. For a complete description of this information, see Project Subtab Information and Features in the “Suppressed Vulnerabilities Tab” topic.
|
•
|
Immediately identify the project—The project for which the vulnerability was suppressed is displayed in the first column. |
|
•
|
Easily identify the vulnerability—In the adjacent columns, you can see the vulnerability’s ID, the OSS or third-party component with which the vulnerability is associated, and the specific component version for which the vulnerability is currently suppressed. |
|
•
|
View additional details about the vulnerability—Click the Information icon next to the vulnerability’s ID to review the vulnerability’s advisory, severity, CVSS score, and description. |
|
•
|
View the details of the vulnerability’s current exclusion analysis—These details provide justification for the vulnerability’s suppression or, more recently, might be updated to show current justification for unsuppressing the vulnerability. The analysis details also include the date that the analysis was first created and the date of the latest update. |