Question: Suppressed vulns do not persist on new version upload #1857
Unanswered
gingerpembers
asked this question in
Q&A
Replies: 1 comment
-
Have you tried asking in Dependency Track forums?
-
I have a project which has SBOMs uploaded from a pipeline. This results in a new SBOM being pushed to Dependency Track (DT) as a new version in that project.
When a new version is uploaded, I also set this to latest.
My issue is that if I suppress an issue (for example false positive, or not affected) and use the suppressed toggle, then when a new version of that project is uploaded the same issue is reported again; it does not appear to be retaining the suppressed status of that vuln.
I have tested this by uploading new versions with the same SBOM file as the previous one to ensure that they aren't slightly different.
This appears to behave this way for both Audit Vulns suppression and policy violation suppressions.