Mark a container vulnerable item (CVIT) or remediation task as a false positive if the warning given by the scanner is not actually an issue. For example, if a CVIT has been decommissioned but the scanner is still raising an issue related to it, mark it as a false positive.

Important: As a Vulnerability analyst and remediation owner, you can request false positives from the Vulnerability Manager Workspace and IT Remediation Workspace respectively.

Before you begin

Role required: remediation owner

Procedure

  1. Navigate to All > Container Vulnerability Response (or Remediation Tasks) > All.
  2. Open the CVIT you want to mark as a false positive and click Mark as False Positive.
    The CVIT must be in an Open state.
  3. On the False Positive form, enter details in Additional information and click Request Approval.
    The request is sent for approval and the State of the CVIT changes to In Review. Both the requester and approver are notified via email.