Marking Vulnerabilities as Invalid/Valid

Marking Vulnerabilities as Invalid

When triaging security issues within a DevSecOps system, you might want to set a vulnerability as, for example, a False Positive, a Duplicate, or a Non-Issue.

  • Select Bulk Operations, where you will be given two options:

    1. Enter False Positive Mode
    2. Enter Duplication Mode

  • Select Enter False Positive Mode

You will be able to set any of these vulnerabilities as False Positives by clicking the Set as False Positive button.

After a vulnerability has been set as a False Positive, it will be marked as an Invalid Vulnerability, which can be viewed in the Invalid Vulnerability tab.

In Uleska, Invalid Vulnerabilities are not included in reports, and their Risk is not included in the overall Risk for the specific Application or Version.

Marking Vulnerabilities/Issues as Valid

To set the vulnerability as Valid, click the White Tick. This puts the vulnerability back into the main list of vulnerabilities, where it is reported back to various stakeholders.

