Request a vulnerability be dismissed as Zero Risk
Role required: User, Vulnerability Manager or User Manager
Note: Zero Risk requests generated by members with the User role must be approved by a Vulnerability Manager or User Manager before they are considered by Fluid Attacks. Without this member's approval, the reported vulnerability will
break the build when Users attempt to deploy the system version containing it.
There is a special
Treatment that you can request for any reported vulnerability when, according to analysis and consideration taken by your organization, said vulnerability poses no threat. This Treatment is called Z
ero Risk. In order to make a Zero Risk request you can take the same
steps taken to assign a normal
treatment.
After choosing to give a Zero Risk Treatment to the selected vulnerability you only need to add a Treatment justification. This information will be used by Fluid Attacks to consider whether the vulnerability actually poses no threat at all, in which case the vulnerability will be deleted. However, if Fluid Attacks still considers there is a risk caused by that vulnerability, then it will remain reported.
You can also apply Zero Risk to several vulnerabilities simultaneously by selecting them in the check box on the left side and clicking the Edit button.
There you select the treatment, giving a single justification for all the vulnerabilities you selected.
Free trial