Batch edit Scan vulnerability status

When Contrast discovers a vulnerability during a scan, it assigns a status of Reported to the vulnerability. This status indicates that the vulnerability could possibly be exploited.

You can change this status for multiple vulnerabilities, based on how you are managing them, to one of these values:

Confirmed: You've confirmed that the vulnerability is a true finding by reviewing the source code or exploiting it.
Suspicious: You've confirmed that the vulnerability appears to be a true finding based on the details provided, but it requires more investigation to determine its validity.
Not a problem: You've determined that the vulnerability doesn't require code changes.
If you change the status to Not a Problem, it never changes to Remediated or any other status, even if subsequent scans don't discover the vulnerability. To have the vulnerability assessed again, change the status to Confirmed or Suspicious.

Steps

Select Scans in the header.
Select a Scan project.
Select the Vulnerabilities tab.
Use the checkbox on the left to select multiple vulnerabilities with the same status.
Selecting multiple vulnerabilities with different statuses is not supported.
In the batch action menu at the bottom of the page, select Status and select a status from the dropdown.
Optionally select the checkbox to change the status of all vulnerabilities with the same type.
Optionally, enter a comment in the Mark window.
Select Change status.

Note

Changing the status for large numbers of vulnerabilities at the same time can take several minutes to complete. Contrast displays a message when the change operation finishes.

In this section:

Batch edit Scan vulnerability status

Steps

Note

Search results