Creating Issue Suppressions & Attestations
The Suppression workflow is changing to include the four options listed below. This workflow may not have been rolled out to your account yet.
In some cases you may determine that an issue is not something that will be addressed, or an alternate mitigation solution is already in place. In these cases the issue may be moved to the Suppressed Issues workflow from either Unaddressed Issues or Pending Issues workflow states.
Click the Suppress icon.
Select the type of suppression to apply, details about how the suppression will behave, and where it will appear are provided.
Marking an issue as a false positive, with a justification message. This type of suppression will flow into your CycloneDX or VEX documents as a false positive attestations with the reasoning specified.
False positive suppressions, will be removed from issue statistics.
Attest to an issue to indicate why it is not an actual issue. This type of suppression will flow into your CycloneDX or VEX documents as attestations with the reasoning specified.
- Indicate an appropriate Attestation Justification to describe why the decision was made to attest the issue.
- Indicate the Course of Action for handling the attested issue.
- Enter any additional Attestation Details to support the decision to attest to the issue.
The attestation fields are mapped to CycloneDX or CSAF VEX properties when generating SBOMs, so it's important to provide the most accurate information here.
Attested issues will be removed from issue statistics.
Temporarily suppress an issue so that it comes out of your Unaddressed or Pending issue workflows, but will resurface in these workflows after the specified period of time.
Snoozed issues will still be included in issue statistics.
Permanently suppress an issue so that it comes out of your Unaddressed or Pending issue workflows.
Waived issues will still be included in issue statistics.
A toaster message will confirm the issue suppression. Rescan the project to recalculate the project metrics if applicable.
Suppressions may be scoped beyond the current issue, so that repeated suppressions do not need to be made for other branches in the project or even other projects and branches.
