Vulnerability Management

Marking findings in the Crashtest Security suite

You can find the functionality to mark a detected finding as a False Positive on the last scan page of each scan target. Here you have three options: you can mark your finding as False Positive, Won’t Fix, or Accept Risk.


False Positive Marking: By marking a finding as “False Positive”, you are telling the scanners that the finding is a false positive and that you don’t want to see it again in the next scans.

Accept Risk: If you mark a finding as “Accept Risk”, you tell the scanners that you are aware of the risk and do not want to see this finding in the next scans.

Won’t Fix: When you mark a finding as “Won’t Fix”, you inform the scanners that you are aware of the issue and that the vulnerability is not fixable, so you do not want to see this finding in the findings list on the next scans.

After you mark a finding with any of these three options, you will be able to see it in the “Ignore Findings” table.

On this page, you can see all the findings you have marked, along with the reason each was ignored. You also have the option to “Undo” a mark. If you click the undo button, the finding will be shown in the findings list again and will also appear in the next scans.