If Kiuwan finds any reported vulnerability of any component, it will display the details of the vulnerability and score the component in a Security Risk indicator.
But, depending on the concrete case, the alert might not apply to your organization, or you may decide not to be alerted about certain vulnerabilities. In these cases, you can Mute the Vulnerability so that Kiuwan does not alert about it; the mute is consequently taken into account when calculating Security Risk indicators.
Only users granted the Application Management permission are allowed to access the Mute Vulnerabilities modules.
Kiuwan Insights lets you mute a specific CVE over one or more components (i.e. this specific component should not raise this specific CVE).
You cannot completely mute a CVE. You can mute a CVE over one or more specific components, but the CVE remains active and any new component affected by that CVE will still be reported.
Muting a vulnerability over a component can be applied at several scopes:
Scope | Precedence | Meaning |
---|---|---|
Component | 1 | The CVE muted applies to the selected component in all the applications that component may appear. |
App-Comp | 2 | The CVE muted applies to the selected component only in the specified application. Same component in other applications remains flagged as vulnerable by that CVE. |
The Precedence column determines which mute applies in case of conflict: the case with the higher precedence value is applied.
Mutes are applied retroactively, i.e. mutes are applied not only to future analyses but also to past analyses.
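The scope, precedence and retroactivity rules above can be modelled in a few lines. This is an added example, not Kiuwan's own code or API: the `Mute` class, the function names, the application and component names and the CVE identifier are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Precedence values from the scope table: the higher value wins on conflict.
PRECEDENCE = {"Component": 1, "App-Comp": 2}

@dataclass(frozen=True)
class Mute:                      # hypothetical model of one mute rule
    cve: str
    component: str
    scope: str                   # "Component" or "App-Comp"
    app: Optional[str] = None    # only meaningful for App-Comp mutes

    def matches(self, app, component, cve):
        if (self.cve, self.component) != (cve, component):
            return False         # a mute never covers another component or CVE
        return self.scope == "Component" or self.app == app

def applied_mute(mutes, app, component, cve):
    """Return the mute that applies to a finding, or None if it stays reported."""
    hits = [m for m in mutes if m.matches(app, component, cve)]
    return max(hits, key=lambda m: PRECEDENCE[m.scope], default=None)

def reported(analyses, mutes):
    """Findings still alerted. Past analyses are re-evaluated too (retroactive)."""
    return [f for f in analyses if applied_mute(mutes, *f[1:]) is None]

# Constructed findings: (analysis id, application, component, CVE).
CVE = "CVE-0000-0001"            # placeholder identifier, not a real CVE
ANALYSES = [
    ("a1", "shop", "libfoo-1.2", CVE),       # older analysis of "shop"
    ("a2", "shop", "libfoo-1.2", CVE),
    ("a3", "billing", "libfoo-1.2", CVE),
    ("a4", "billing", "libbar-3.0", CVE),    # different component, same CVE
]
MUTES_APP = [Mute(CVE, "libfoo-1.2", "App-Comp", "shop")]
MUTES_BOTH = MUTES_APP + [Mute(CVE, "libfoo-1.2", "Component")]

if __name__ == "__main__":
    for label, mutes in (("App-Comp only", MUTES_APP), ("both", MUTES_BOTH)):
        print(label, [f[0] for f in reported(ANALYSES, mutes)])
```

With only the App-Comp mute, the same component in the other application is still reported; with both mutes, only the unmuted component remains, which shows that the CVE itself stays active.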
You can mute at different locations:
***********************************************
You can access the Licenses Policies page from the License tab.
Licenses Policies allows you to make changes based on Licenses and/or Components.
When the "By License" tab is selected, the full list of Licenses used by your application's components is displayed.
Clicking the Modify button of a License opens the Modify License Policy dialog.
Global scope
Application scope
See Scope of Changes for explanation of scopes.
When the "By Component" tab is selected, the full list of Components used by your application is displayed.
Clicking the Modify button of a License opens the Modify License Policy dialog.
Component scope
Application scope
See Scope of Changes for explanation of scopes.
You can modify the License Risk of any license/component from the License tab.
Just click the dropdown menu at the right of a specific License and select Modify Policy.
Clicking Modify Policy opens the Modify License Policy dialog.
Then, you can decide to change the level at either a Global or an Application scope.
See Scope of Changes for explanation of scopes.
If you want to modify the License Risk level of a specific Component, open the License row and select the Modify License option of the selected component.
Clicking Modify Policy opens the Modify License Policy dialog for the selected component.
Then, you can decide to change the level at either a Component (Global value) or an App-Comp (Application value) scope.
See Scope of Changes for explanation of scopes.