Accept vulnerabilities | Fluid Attacks Help

Accept vulnerabilities

The Acceptance section in Policies shows the types of vulnerabilities that your team has requested be permanently and temporarily accepted. Accepting vulnerabilities means acknowledging and tolerating their associated risks. The policies approved here apply to reports across all the groups within your organization.
Warning: Accepted vulnerabilities are ignored by Fluid Attacks's CI Agent during build checks. You assume the risk associated with allowing these vulnerabilities into production.

Accept vulnerabilities permanently

The first table in Acceptance lists the types of vulnerabilities your team has suggested for permanent acceptance, along with any classification tags added by the person who made the request, the request status (Approved, Rejected, or Pending), and the request date. User Managers also see an Action column with options to approve, reject, reactivate, or deactivate permanent acceptance.

Submit a vulnerability type to accept

Role required: User or User Manager

Any team member can make the approval request, but only User Managers can approve or reject it. To add a vulnerability type, follow these steps:
  1. Click on the Vulnerability type field. This makes a list appear for you to select the type of vulnerability you want to submit for acceptance.

  2. Optionally, add one or more tags for classification.

  3. Click on the plus button to submit the request.

Upon clicking the plus symbol, the type of vulnerability appears in the table with Submitted in the Status column.

Note: If you have the User Manager role, your submission is automatically approved.

Approve and reject acceptance requests

Role required: User Manager

The Action column presents you with options to manage acceptance requests. Use these options to manage requests in the Submitted status:
  1. Click the check mark button to approve a request. This changes its status to Approved.
  2. Click the cross mark button to reject a request. This changes its status to Rejected.

Reactivate and deactivate acceptance policy

Role required: User Manager

The Action column also presents you with the options to reactivate and deactivate an acceptance policy for a type of vulnerability:
  1. Click the right arrow button to reactivate a policy.

    You have to confirm the action. Doing so changes the policy status from Inactive to Approved.

  2. Click the prohibition sign button to deactivate a policy.

    Upon clicking the button, a pop-up window appears asking for confirmation. Clicking Confirm changes this policy's status from Approved to Inactive.

Add tags to classify vulnerabilities for acceptance

Role required: User or User Manager

When submitting a type of vulnerability in Acceptance, you can add one or more tags to classify it. These tags are meant to help you find information fast in future searches and allow you to do analyses using categories that your team finds meaningful. For the latter, Fluid Attacks offers the analytics Tags by groups and Findings by tags.

Accept vulnerabilities temporarily

Role requirements for submitting, approving, rejecting, deactivating and reactivating types are the same as for permanent acceptance of vulnerabilities. See details above.
The second table in Acceptance shows the types of vulnerabilities your team has suggested for temporary acceptance, any assigned tags, and request status and date. Additionally, User Managers are offered multiple options to manage requests.

A temporary acceptance policy can be created for an individual type of vulnerability or all types:

  1. To submit a request for one type, click on the Vulnerability type field, select the type of vulnerability and click the plus button. You can optionally add tags.

  2. Upon clicking the button, the policy appears in the table with the Submitted status. Only a member with the User Manager role can approve or reject it.

  3. To submit a request for all types, select All vulnerability types after clicking on the Vulnerability type field, then add tags (optional) and click on the plus button.

    Caution: By creating this policy, you acknowledge and temporarily tolerate the risks of all types of vulnerabilities detected in your system.

Note: Submissions by User Managers are automatically approved.

Members with the User Manager role can manage temporary acceptance from the Action column as follows:
  1. Approve a request with the check mark button.
  2. Reject a request with the cross mark button.
  3. Reactivate a policy with the right arrow button.
  4. Deactivate a policy with the prohibition sign button.