Issues cannot be manually marked as 'resolved'. There are 3 options for removing vulnerability and typo/dependency issues from the Unaddressed issues list:
- Issues that you decide do not need correction can be attested. The user will need to indicate the reason for attestation before the action can be completed, this can be audited later as needed.
- Once an issue is listed as attested it will no longer appear in the Unaddressed list. Issues are attested indefinitely unless a user elects to remove the attestation.
- Attested issues can be found in the Attested list. Read here for more information about attested issues.
- By selecting the Create a Ticket button in the issue detail view, SOOS will generate a ticket with the details of the recommended fix to be pushed to your integrated issue tracking system (Jira, Azure DevOps, or GitHub) for your team to triage appropriately.
- Selecting the Create Pull Request button will generate a Pull Request to be sent to GitHub for developers to address.
Options 2 and 3 will move the issue to Pending status and will no longer be visible in the Unaddressed list. Once the fix has been put into place and the vulnerability no longer exists in your project, when SOOS rescans your project the pending issue will be moved to Resolved status.