Marking Vulnerabilities as Invalid/Valid

Marking Vulnerabilities as Invalid

When triaging security issues within a DevSecOps system, you might want to set a vulnerability as a False Positive, a Duplicate, a Non-Issue, and so on.

  • Select Bulk Operations, where you will be given two options:

    1. Enter False Positive Mode
    2. Enter Duplication Mode

  • Select Enter False Positive Mode


You will be able to set any of these vulnerabilities as False Positives by clicking the Set as False Positive button.


After a vulnerability has been set as a False Positive, it will be marked as an Invalid Vulnerability, which can be viewed in the Invalid Vulnerability tab.


In Uleska, Invalid Vulnerabilities are not included in reports, and the Risk is not included in the overall Risk for the specific Application or Version.

Marking Vulnerabilities/Issues as Valid

To set the vulnerability as Valid, click the White Tick. This puts the vulnerability back into the main list of vulnerabilities, and it is reported back to the various stakeholders.
