Vulnerability management workflow
Consider using this workflow when managing vulnerabilities that Contrast reports.
After you install and configure a Contrast agent, exercise the application.
Contrast uses Contrast Assess to detect vulnerabilities and provide notifications to users.
Developers evaluate the issues and decide if they need to remediate the code.
If yes, they remediate code.
If no (for example, Contrast reports a false positive), developers set the vulnerability status to Not a problem.
The developer provides a reason for this status.
If code is remediated, developers retest the application to confirm that the vulnerability was successfully addressed.
If the vulnerability is set to Not a problem, a security team reviews and approves the reason for not changing the code.
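As an added illustration of the decision points above (this is example code written for this page, not Contrast's own API or data model; the status names, the roles and the transition rules are assumptions modelled on the workflow described), the following Python sketch encodes the workflow as a small state machine. It enforces the two controls the page calls out: a Not a problem status cannot be set without a reason, and it does not close until a security reviewer approves that reason; a remediation does not count as fixed until a retest confirms it.

```python
"""Triage workflow state machine (illustrative; not Contrast's code).

Statuses and transitions are assumptions based on the workflow text:
  Reported -> Remediated -> Fixed            (developer fixes, retest passes)
  Reported -> Remediated -> Reported         (retest still reproduces the issue)
  Reported -> Not a problem -> Closed        (reason given, security approves)
  Reported -> Not a problem -> Reported      (security rejects the reason)
"""
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    REPORTED = "Reported"              # Contrast Assess detected it and notified users
    REMEDIATED = "Remediated"          # developer changed code, retest pending
    FIXED = "Fixed"                    # retest confirmed the vulnerability is gone
    NOT_A_PROBLEM = "Not a problem"    # developer gave a reason, security review pending
    CLOSED = "Closed"                  # security team approved the reason


class WorkflowError(Exception):
    """Raised when a transition is attempted from the wrong status or without required data."""


@dataclass
class Vulnerability:
    vuln_id: str                       # constructed identifier, not a Contrast ID format
    status: Status = Status.REPORTED
    reason: str = ""
    history: list = field(default_factory=list)  # (from_status, to_status, actor) audit trail

    def _require(self, expected: Status) -> None:
        if self.status is not expected:
            raise WorkflowError(
                f"{self.vuln_id}: expected status {expected.value!r}, found {self.status.value!r}"
            )

    def _move(self, new_status: Status, actor: str) -> None:
        self.history.append((self.status, new_status, actor))
        self.status = new_status

    # Developer decided the finding is real and changed the code.
    def remediate(self, developer: str) -> None:
        self._require(Status.REPORTED)
        self._move(Status.REMEDIATED, developer)

    # Developer re-exercises the application; the fix only counts if the issue no longer reproduces.
    def retest(self, developer: str, still_reproducible: bool) -> None:
        self._require(Status.REMEDIATED)
        if still_reproducible:
            self._move(Status.REPORTED, developer)   # back into the queue
        else:
            self._move(Status.FIXED, developer)

    # Developer judged the finding a false positive; a reason is mandatory.
    def mark_not_a_problem(self, developer: str, reason: str) -> None:
        self._require(Status.REPORTED)
        if not reason.strip():
            raise WorkflowError(f"{self.vuln_id}: a reason is required for 'Not a problem'")
        self.reason = reason.strip()
        self._move(Status.NOT_A_PROBLEM, developer)

    # Security team reviews the reason; only approval closes the finding.
    def security_review(self, reviewer: str, approved: bool) -> None:
        self._require(Status.NOT_A_PROBLEM)
        if approved:
            self._move(Status.CLOSED, reviewer)
        else:
            self.reason = ""
            self._move(Status.REPORTED, reviewer)    # developer must re-evaluate


def demo() -> dict:
    """Walk one finding through each branch; returns the final statuses for inspection."""
    fixed = Vulnerability("constructed-0001")
    fixed.remediate("dev-a")
    fixed.retest("dev-a", still_reproducible=False)

    dismissed = Vulnerability("constructed-0002")
    dismissed.mark_not_a_problem("dev-b", "Input is validated by the upstream gateway")
    dismissed.security_review("sec-reviewer", approved=True)

    return {v.vuln_id: v.status.value for v in (fixed, dismissed)}


if __name__ == "__main__":
    for vuln_id, status in demo().items():
        print(vuln_id, "->", status)
```

The `history` list is the audit trail a security team would want when reviewing Not a problem decisions: it records who moved the finding and from which status, so a dismissal without a preceding developer evaluation, or a Fixed status with no retest, cannot occur silently.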