Recently Viewed Topics
Accept Risk Rules
Any non-admin user can accept a vulnerability risk by adding an Accept Risk Rule. Adding a rule moves vulnerabilities from the unfiltered cumulative database view. These vulnerabilities are not deleted, but only display in the cumulative database vulnerability view if the Accepted Risk filter option is checked. Once a risk has been accepted, the admin user can view the details of and delete the accept rules associated with the risk if they deem that the risk is still valid. Click on Repositories and then Accept Risk Rules. From there a list of available rules is displayed and may be filtered by Plugin ID, Repository, and Organization combination. Choose All for Repository and Any for Organization if plugin IDs are to be accepted across these boundaries. This is especially useful in setups where hundreds of repositories or organizations have been configured and the same accept risk rule must be applied globally.
To see more information about a rule, click the rule to be viewed from the list or click View from the gear icon drop-down menu. To remove a rule, select it from the list, click Delete from the gear icon drop-down menu. A confirmation dialog appears that confirms you wish to delete the accepted risk rule.
Click Delete > Apply Rules in the top left for the changes to take effect. Once completed, any vulnerabilities that had been modified by the accept risk rule are displayed unfiltered in the cumulative database.