Suppressing Vulnerabilities FAQ
This page answers questions about Threat Stack’s default suppression list, how to suppress a vulnerability, and what suppressing or unsuppressing a vulnerability means.
Why do I see default suppressions in Threat Stack?
Based on extensive research, Threat Stack created a list of vulnerabilities that are suppressed by default. A vulnerability is on the list for one of the following reasons:
- Low priority or not an issue
- No fix or patch available
- Not applicable due to configuration
Can I suppress a vulnerability? What does it mean to suppress it?
Yes, you can suppress all vulnerabilities for a package or an individual vulnerability for a package.
If you suppress a vulnerability, the vulnerability for that package version is no longer assessed during a Vulnerability Assessment scan. It displays on the suppressed vulnerabilities list and is no longer listed as an active vulnerability.
Note
Threat Stack finds and logs suppressed vulnerabilities. Suppressing a vulnerability hides it and keeps you from viewing it in your report.
How do I suppress a vulnerability?
You can suppress vulnerabilities by package or by individual vulnerability.
To suppress a vulnerability by package:
- Go to Servers > Vulnerabilities tab > Active Vulnerabilities button. The suppressed vulnerability list displays.
- Select the check box next to the package. All vulnerabilities in the package are selected.
- Click the Actions button. The Actions pane displays.
- In the Reason section, select one of the radio buttons.
- Click the Suppress [#] Vulnerabilities button. Threat Stack suppresses the vulnerabilities in that package.
To suppress an individual vulnerability:
- Go to Servers > Vulnerabilities tab > Active Vulnerabilities button. The suppressed vulnerability list displays.
- Select the check box next to the individual vulnerability to suppress.
- Click the Actions button. The Actions pane displays.
- In the Reason section, select one of the radio buttons.
- Click the Suppress [#] Vulnerabilities button. Threat Stack suppresses the vulnerability across all packages.
How do I unsuppress a vulnerability?
You can remove a vulnerability suppression in Threat Stack. Removing a suppression enables the vulnerability assessment to evaluate that vulnerability and package version in subsequent scans.
- Go to Servers > Vulnerabilities tab > Suppressed Vulnerabilities button. The suppressed vulnerability list displays.
- Select the check box next to the vulnerability to unsuppress.
- Click the Actions button. The Actions pane displays.
- Click the Remove [#] Suppression button. The vulnerability is no longer suppressed.