Edit scan vulnerability status

When Contrast discovers a vulnerability during a scan, it assigns a status of Reported to the vulnerability. This status indicates that the vulnerability could possibly be exploited.

You can change this status, based on how you are managing the vulnerability, to one of these values:

  • Confirmed: You've confirmed that the vulnerability is a true finding by reviewing the source code or exploiting it.

  • Suspicious: You've confirmed that the vulnerability appears to be a true finding based on the details provided, but it requires more investigation to determine its validity.

  • Not a problem: You've determined that the vulnerability doesn't require code changes.

    If you change the status to Not a problem, it never changes to Remediated or any other status, even if subsequent scans don't discover the vulnerability. To have the vulnerability assessed again, change the status to Confirmed or Suspicious.

Batch edit Scan vulnerability status describes how to edit the status of multiple vulnerabilities at the same time.

Steps

  1. Select Scans in the header.

  2. Select a Scan project.

  3. Select the Vulnerabilities tab.

  4. Change the status:

    1. On the Vulnerabilities page, select a status in the Status column.

      Image shows the Scan Vulnerabilities list with the status options highlighted.

      Alternatively, select a vulnerability from the Vulnerabilities list and select a status on the right side of the view.

      Image shows the details view of a Scan vulnerability with the status options highlighted.

    2. Optionally, enter a comment explaining why you are making the change and select Override.

  5. Add comments for a vulnerability without changing its status:

    Image shows the comment box in the Activity tab for a Scan vulnerability.

    1. From the Vulnerabilities tab, select a vulnerability.

    2. Select the Activity tab.

    3. Enter a comment and select Add comment.