
Triage your Container Findings

Overview

As a Security Champion or AppSec manager, you will review the top Applications and Projects with Container security findings. You will want to drill down to review their summaries and findings and take suppression actions.

Getting it done

After reviewing your Container Image Scan Results, you can take action on individual findings depending on their relevance. Possible actions include marking Findings and Packages as reviewed, or suppressing them when you consider the result a false positive.

In the Containers view, there are several actions you can perform:

Marking Findings as Reviewed

  1. Navigate to an Application/Project view, and click on the Containers section.

  2. Select a Finding/Package you would like to review.

    image-20240809-204712.png
  3. Click Mark as In Review to have the Finding/Package marked as Reviewed.

    image-20240809-204355.png
  4. Click Mark as In Review to approve this action.

    image-20240809-205628.png

Once reviewed, a proper indication will pop up at the bottom-left corner of the screen:

image-20240809-211506.png

Suppressing Findings

When a false-positive/acceptable risk is reported, the workflow is to suppress it. This action should be coupled with a suppression reason for tracking and future reference.

  1. Navigate to an Application/Project view, and click on the Containers section.

  2. Select a Finding/Package you would like to review.

    image-20240809-204712.png
  3. Click Suppress to have the Finding/Package marked as Suppressed.

    image-20240809-205859.png
  4. Choose the Suppression Reason.

  5. Optionally, add a descriptive Comment.

    image-20240809-210427.png
  6. Click Suppress to save this action.

  7. Once suppressed, a proper indication will pop up at the bottom-left corner of the screen:

    image-20240809-211441.png
  8. This action can be reverted by clicking ‘Unsuppress’ on a suppressed finding:

    image-20240809-211750.png

The Unsuppress option is handy, for instance, when you discover that a finding was suppressed accidentally, or when, later on, there is some uncertainty about the correct status of the finding (Suppressed/Unsuppressed) and it should be discussed further within your team.

After you suppress a finding, the Suppression Details are displayed in the Finding/Package Overview section, so you can easily see who suppressed the Finding/Package and why:

image-20240809-211849.png

Bulk Actions

Triage actions described earlier in this article can be performed in bulk on a selection of Findings or Packages.

To perform a bulk action, select at least one row in the Findings/Packages table. This displays the Actions drop-down menu.

This menu allows you to suppress or unsuppress Findings/Packages, and to mark them as Reviewed or Unreviewed:

image-20240809-211143.png
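The triage workflow described in the Suppressing Findings and Bulk Actions sections above boils down to a few state transitions with an audit trail: a finding is marked in review, suppressed with a mandatory reason and optional comment, or unsuppressed again, and the same action can be applied to a selection at once. The following stand-alone model is an added example, not the product's API or code; the finding ids, package names, severities and the set of suppression reasons are constructed for illustration. It enforces the two properties a reviewer relies on later: a suppression always records who, why and when, and an existing suppression is never silently overwritten by a bulk action.

```python
"""Hypothetical triage ledger modelled on the reviewed / suppressed / unsuppressed
workflow. Added example; not the product's own API."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
from typing import Optional


class Status(Enum):
    OPEN = "open"
    IN_REVIEW = "in_review"
    SUPPRESSED = "suppressed"


# Constructed list of allowed suppression reasons; the product's own list may differ.
SUPPRESSION_REASONS = {"false_positive", "accepted_risk", "not_exploitable"}


@dataclass
class Finding:
    finding_id: str
    package: str
    severity: str
    status: Status = Status.OPEN
    suppression: Optional[dict] = None            # who/why/comment, present only while suppressed
    history: list = field(default_factory=list)    # audit trail of every triage action


class TriageLedger:
    def __init__(self, findings):
        self._findings = {f.finding_id: f for f in findings}

    def get(self, finding_id):
        return self._findings[finding_id]

    def _record(self, finding, action, user, **details):
        finding.history.append({"action": action, "user": user,
                                "at": datetime.now(timezone.utc).isoformat(), **details})

    def mark_in_review(self, finding_id, user):
        f = self.get(finding_id)
        if f.status is Status.SUPPRESSED:
            raise ValueError(f"{finding_id}: unsuppress before reviewing")
        f.status = Status.IN_REVIEW
        self._record(f, "mark_in_review", user)
        return f.status

    def suppress(self, finding_id, user, reason, comment=""):
        # A suppression must carry a reason so later reviewers can see why it was accepted.
        if reason not in SUPPRESSION_REASONS:
            raise ValueError(f"unknown suppression reason: {reason!r}")
        f = self.get(finding_id)
        if f.status is Status.SUPPRESSED:
            # Refuse to overwrite an existing suppression; unsuppress first to re-triage.
            raise ValueError(f"{finding_id} is already suppressed")
        f.status = Status.SUPPRESSED
        f.suppression = {"by": user, "reason": reason, "comment": comment}
        self._record(f, "suppress", user, reason=reason, comment=comment)
        return f.status

    def unsuppress(self, finding_id, user):
        f = self.get(finding_id)
        if f.status is not Status.SUPPRESSED:
            raise ValueError(f"{finding_id} is not suppressed")
        f.status = Status.OPEN
        f.suppression = None                       # details stay in history for reference
        self._record(f, "unsuppress", user)
        return f.status

    def bulk(self, finding_ids, action, user, **kwargs):
        """Apply one triage action to many findings; returns (applied, failed) counts."""
        handler = getattr(self, action)
        applied, failed = 0, 0
        for fid in finding_ids:
            try:
                handler(fid, user, **kwargs)
                applied += 1
            except ValueError:
                failed += 1
        return applied, failed

    def active(self):
        """Ids still needing attention (everything not suppressed), highest severity first."""
        order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
        ranked = sorted(self._findings.values(), key=lambda f: order.get(f.severity, 99))
        return [f.finding_id for f in ranked if f.status is not Status.SUPPRESSED]


def sample_findings():
    # Constructed sample findings, not real scan output.
    return [Finding("F-1", "openssl", "high"), Finding("F-2", "zlib", "medium"),
            Finding("F-3", "curl", "critical"), Finding("F-4", "busybox", "low")]


def run_demo():
    ledger = TriageLedger(sample_findings())
    ledger.mark_in_review("F-1", "alice")
    ledger.suppress("F-2", "alice", "false_positive", "vulnerable function never linked")
    # Bulk suppress: F-2 is already suppressed, so it is counted as failed rather than overwritten.
    applied, failed = ledger.bulk(["F-3", "F-4", "F-2"], "suppress", "bob", reason="accepted_risk")
    ledger.unsuppress("F-3", "bob")                # reverted, e.g. suppressed by mistake
    return ledger, applied, failed


if __name__ == "__main__":
    ledger, applied, failed = run_demo()
    print("bulk suppress:", applied, "applied,", failed, "failed")
    print("still active:", ledger.active())
    print("F-2 suppression details:", ledger.get("F-2").suppression)
```

The `history` list plays the role of the Suppression Details panel: even after an unsuppress, the earlier reason and comment remain visible, which is what makes a later team discussion about the finding's correct status possible.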

Reference

Review the Container Image Scan Findings within your Organization
