This page answers questions about Threat Stack’s default suppression list, how to suppress a vulnerability, and what suppressing, or unsuppressing, a vulnerability means.
Why do I see default suppressions in Threat Stack?
Based on extensive research, Threat Stack created a default list of suppressed vulnerabilities. A vulnerability is on this list for one of the following reasons:
- Low priority or not an issue
- No fix or patch available
- Not applicable due to configuration
Can I suppress a vulnerability, and what does it mean to suppress it?
Yes, you can suppress all vulnerabilities for a package or an individual vulnerability for a package.
If you suppress a vulnerability, then the vulnerability for that package version is no longer assessed during a Vulnerability Assessment scan. It displays on the suppressed vulnerabilities list and is no longer listed as an active vulnerability.
NOTE: Threat Stack finds and logs suppressed vulnerabilities. Suppressing a vulnerability hides it and keeps you from viewing it in your report.
How do I suppress a vulnerability?
You can suppress by package, which suppresses all vulnerabilities associated with that package. To suppress by a specific package, select the checkbox next to the package.
Alternatively, you can suppress a specific vulnerability for a given package. To suppress a specific vulnerability, select the checkbox next to the specific vulnerability.
How do I unsuppress a vulnerability?
You can remove a vulnerability suppression in Threat Stack. Removing a vulnerability suppression enables the vulnerability assessment to evaluate that vulnerability and package version in subsequent scans.
- Go to the suppressed vulnerabilities list
- Select the vulnerability
- Click the Remove Suppression button