Creating Issue Suppressions & Attestations

in some cases you may determine that an issue is not something that will be addressed, or an alternate mitigation solution is already in place in these cases the issue may be moved to the suppressed issues docid\ hly 6td9ummqeoouqtk78 workflow from either unaddressed issues docid\ pwpdh1ceuhguxtfpl27ne or pending issues docid 5rcjpawfmkrul1s3vsynt workflow states adding a suppression click the suppress icon issue attestation button select the type of suppression to apply, details about how the suppression will behave, and where it will appear are provided suppression selection false positive marking an issue as a false positive, with a justification message this type of suppression will flow into your cyclonedx or vex documents as a false positive attestations with the reasoning specified false positive suppressions, will be removed from issue statistics attest attest to an issue to indicate why it is not an actual issue this type of suppression will flow into your cyclonedx or vex documents as attestations with the reasoning specified indicate an appropriate attestation justification to describe why the decision was made to attest the issue indicate the course of action for handling the attested issue enter any additional attestation details to support the decision to attest to the issue the attestation fields are mapped to cyclonedx or csaf vex properties when generating sboms, so it's important to provide the most accurate information here attested issues will be removed from issue statistics snoozing temporarily suppress an issue so that it comes out of your unaddressed or pending issue workflows, but will resurface in these workflows after the specified period of time snoozed issues will still be included in issue statistics waiving permanently suppress an issue so that it comes out of your unaddressed or pending issue workflows waived issues will still be included in issue statistics a toaster message will confirm the issue suppression rescan the project to recalculate the project metrics if applicable suppression scope suppressions may be scoped beyond the current issue, so that repeated suppressions do not need to be made for other branches in the project or even other projects and branches issue suppression scope