Contrast Scan vulnerability statuses
This table lists the different statuses that you or Contrast sets for vulnerabilities that Contrast Scan discovers.
Status | Automated or manually set? | Description |
---|---|---|
Reported | Automated | Contrast sets this status automatically the first time it discovers vulnerabilities during a scan. |
Confirmed | Manual | You've reviewed the code and confirmed that the vulnerability is a true finding. |
Suspicious | Manual | The vulnerability seems to be a true finding, but it needs more investigation to determine its validity. |
Not a Problem | Manual | The vulnerability doesn't require code changes. Optionally, you can provide a reason for this status change. If you change the status to Not a Problem, it never changes to Remediated or any other status, even if subsequent scans don't discover the vulnerability. To have the vulnerability assessed again, change the status to Confirmed or Suspicious. |
Remediated | Automated | A change to the source code or application configuration files fixed the vulnerability. |
Fixed | Automated | Not currently used. |
Remediated Auto-Verified | Automated | The vulnerability had a status of Remediated. After the fifth scan, Contrast updates the Remediated status to Remediated Auto-Verified. |
Reopened | Automated | The vulnerability had a status of Remediated, but a new scan detects the vulnerability again. Contrast changes the status to Reopened. |