Triaging Container Security Results

Important

The following permissions enable users to triage results:

  • update-result-state-not-exploitable (can change this state only)

  • update-result-state-propose-not-exploitable (can change this state only)

  • update-result-states (can change all states except not-exploitable; can’t change the severity)

  • update-result-severity (can change only severities)

For group-related permissions, append "-if-in-group" to the relevant permission, e.g., update-result-state-not-exploitable-if-in-group.

You can triage vulnerabilities by adjusting the Severity, State and risk Score of the vulnerability. Hover over a vulnerability and click on the Edit button. In the dialog that opens, you can click on the Severity, State or risk Score and select the value that you would like to assign. You can also add a note explaining the reasoning for the change. You can select different vulnerabilities within the same package and triage each of them.

Bulk Action Triaging Results

You can triage multiple vulnerabilities with a single bulk action.

  1. In the Vulnerabilities tab, select the checkbox next to each vulnerability that you would like to include in the bulk action triage. Then, click on Edit Properties.

    All of the selected vulnerabilities are shown and you can click on each one to see the relevant details.

  2. Make changes to the Severity, State, and/or risk Score. The changes are applied to all of the selected vulnerabilities.
