Create and manage exceptions

If an environment contains vulnerabilities that are false positives, accepted risks, or covered by compensating controls, you can create an exception to hide those vulnerabilities from the Vulnerabilities page, dashboards, and scan details. Hiding excepted vulnerabilities reduces noise in Application Security (InsightAppSec) so you can focus on what matters most. An exception suppresses a finding; it does not resolve it, so choose an expiry date that forces the justification to be re-reviewed, because the vulnerability reappears as soon as the exception expires or is deactivated.

Before you begin

Before you can view, create, and manage exceptions, you must have:

  • At least one discovered vulnerability in Application Security (InsightAppSec). For more information on discovering vulnerabilities, review Create a Scan Config.
  • The Application Security Admin role.

Explore exceptions

You can explore exceptions from the Exceptions page, either as a list or by the vulnerabilities each exception covers. An exception is always in one of the following statuses:

Status        Description
Expired       The exception expired and is no longer active. Any associated vulnerabilities are displayed on dashboards, scan details, and the Vulnerabilities page.
Created       The exception has been created but is not active.
Active        The exception is active. Any associated vulnerabilities are not displayed on dashboards, scan details, or the Vulnerabilities page.
Deactivated   The exception has been manually deactivated and is not active. Any associated vulnerabilities are displayed on dashboards, scan details, and the Vulnerabilities page.

To view all exceptions:

  1. From the Command Platform, go to Application Security > Vulnerabilities > Exceptions.
  2. Use the quick filters at the top or add filters as needed.

To view vulnerabilities associated with an exception:

  1. From the Command Platform, go to Application Security > Vulnerabilities > Exceptions.
  2. Use the quick filters at the top or add filters as needed.
  3. Locate an exception.
  4. Click Expand (down arrow).

A table expands to display a list of vulnerabilities associated with the exception.

Create and activate exceptions

You can create exceptions from the Vulnerabilities page.

ℹ️ Note: A vulnerability can only have one active exception at a time.

To create an exception:

  1. From the Command Platform, go to Application Security > Vulnerabilities.
  2. Add filters as needed.
  3. Select vulnerabilities to except.
  4. Select Create Exception.
  5. Enter an Exception Name.
  6. Select a Reason.
  7. Choose an Expiry Date:
    1. Time Frame: Select a time frame to automatically apply an expiration date based on today. For example, if you select 1 Year, the exception will expire one year from today.
    2. Custom Date: Use the calendar to select a specific year, month, and day.
  8. Select Apply.
  9. Select Submit.

After creating an exception, activate it to make it effective.

To activate an exception:

  1. From the Command Platform, go to Application Security > Exceptions.
  2. Add filters as needed.
  3. Locate an exception to activate.
  4. Select the Actions menu (…) > Activate.

The exception is now active. Any associated vulnerabilities will not be displayed on dashboards, scan details, and the Vulnerabilities page.

Review and manage exceptions

You may need to adjust an exception’s expiration date or status at any time. If an inactive (Expired, Created, Deactivated) exception is no longer needed, you can delete it.

To change an exception’s status:

  1. From the Command Platform, go to Application Security > Exceptions.
  2. Add filters as needed.
  3. Locate the exception whose status you want to change.
  4. Select the Actions menu (…), then select a new status.

For a description of each status, see Explore exceptions.

You can only extend the expiration date of an active exception. If an exception has expired, re-activate it first, then extend it.

To extend an exception:

  1. From the Command Platform, go to Application Security > Exceptions.
  2. Add filters as needed.
  3. Locate an active exception.
  4. Select the Actions menu (…) > Extend.
  5. Choose a new Expiry Date:
    1. Time Frame: Select a time frame to automatically apply an expiration date based on today. For example, if you select 1 Year, the exception will expire one year from today.
    2. Custom Date: Use the calendar to select a specific year, month, and day.
  6. Select Apply.
  7. Select Submit.

To delete an inactive (Expired, Created, Deactivated) exception:

  1. From the Command Platform, go to Application Security > Exceptions.
  2. Add filters as needed.
  3. Select inactive exceptions (Expired, Created, Deactivated) to delete.
  4. Select Delete.
  5. Confirm the delete action by selecting Delete again.
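The rules spread across this page (the four statuses, one active exception per vulnerability, extend only an active exception, delete only an inactive one, and vulnerabilities reappearing once an exception expires or is deactivated) form a small state machine. The following Python model is an added example for reasoning about or auditing an exception inventory; it is not InsightAppSec code and does not call the product's API. The vulnerability IDs, exception names, time-frame labels other than "1 Year", and the expiry boundary (an exception counts as expired once today is past its expiry date) are assumptions.

```python
"""Constructed model of the InsightAppSec exception lifecycle (not product code)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum


class Status(Enum):
    CREATED = "Created"          # created but not yet active
    ACTIVE = "Active"            # hides its vulnerabilities from dashboards, scans, Vulnerabilities page
    EXPIRED = "Expired"          # expiry date passed; vulnerabilities are visible again
    DEACTIVATED = "Deactivated"  # manually deactivated; vulnerabilities are visible again


INACTIVE = {Status.CREATED, Status.EXPIRED, Status.DEACTIVATED}


def expiry_from_time_frame(today: date, time_frame: str) -> date:
    """Map a Time Frame choice to a date relative to today. Only '1 Year' is named
    on the page; the day-based labels are assumed for illustration."""
    if time_frame == "1 Year":
        try:
            return today.replace(year=today.year + 1)
        except ValueError:  # 29 Feb with no 29 Feb next year
            return today.replace(year=today.year + 1, day=28)
    days = {"30 Days": 30, "90 Days": 90}  # assumed labels
    if time_frame not in days:
        raise ValueError(f"unknown time frame: {time_frame!r}")
    return today + timedelta(days=days[time_frame])


@dataclass
class VulnException:
    name: str
    reason: str
    expires: date
    vulnerabilities: frozenset[str]
    status: Status = Status.CREATED


class ExceptionRegistry:
    """Enforces the page's rules over a set of exceptions."""

    def __init__(self) -> None:
        self._by_name: dict[str, VulnException] = {}

    def create(self, name: str, reason: str, vulns, today: date, *,
               time_frame: str | None = None, custom_date: date | None = None) -> VulnException:
        if (time_frame is None) == (custom_date is None):
            raise ValueError("choose exactly one of time_frame or custom_date")
        if name in self._by_name:
            raise ValueError(f"exception {name!r} already exists")
        expires = custom_date or expiry_from_time_frame(today, time_frame)
        exc = VulnException(name, reason, expires, frozenset(vulns))
        self._by_name[name] = exc
        return exc  # status Created: not effective until activated

    def activate(self, name: str) -> None:
        exc = self._by_name[name]
        for other in self._by_name.values():  # one active exception per vulnerability
            if other is not exc and other.status is Status.ACTIVE:
                clash = other.vulnerabilities & exc.vulnerabilities
                if clash:
                    raise ValueError(f"{sorted(clash)} already covered by active exception {other.name!r}")
        exc.status = Status.ACTIVE

    def deactivate(self, name: str) -> None:
        exc = self._by_name[name]
        if exc.status is not Status.ACTIVE:
            raise ValueError(f"{name!r} is not active")
        exc.status = Status.DEACTIVATED

    def extend(self, name: str, today: date, *, time_frame: str | None = None,
               custom_date: date | None = None) -> date:
        exc = self._by_name[name]
        if exc.status is not Status.ACTIVE:  # an expired exception must be re-activated first
            raise ValueError(f"{name!r} must be active to be extended")
        if (time_frame is None) == (custom_date is None):
            raise ValueError("choose exactly one of time_frame or custom_date")
        exc.expires = custom_date or expiry_from_time_frame(today, time_frame)
        return exc.expires

    def delete(self, name: str) -> None:
        exc = self._by_name[name]
        if exc.status not in INACTIVE:
            raise ValueError(f"deactivate {name!r} before deleting it")
        del self._by_name[name]

    def refresh(self, today: date) -> list[str]:
        """Expire active exceptions whose date has passed; returns their names."""
        expired = []
        for exc in self._by_name.values():
            if exc.status is Status.ACTIVE and today > exc.expires:
                exc.status = Status.EXPIRED
                expired.append(exc.name)
        return expired

    def visible(self, all_vulns) -> list[str]:
        """Vulnerabilities still shown: everything not covered by an active exception."""
        hidden = set().union(*(e.vulnerabilities for e in self._by_name.values()
                               if e.status is Status.ACTIVE))
        return sorted(v for v in all_vulns if v not in hidden)

    def expiring_within(self, today: date, days: int) -> list[str]:
        """Active exceptions that will lapse within `days`, for re-review."""
        return sorted(e.name for e in self._by_name.values()
                      if e.status is Status.ACTIVE and today <= e.expires <= today + timedelta(days=days))


def demo() -> dict:
    """Walk the lifecycle on constructed data and return the checkpoints."""
    today = date(2024, 3, 1)
    findings = ["VULN-1", "VULN-2", "VULN-3"]  # constructed IDs
    reg = ExceptionRegistry()
    reg.create("sqli-fp", "False positive", ["VULN-1", "VULN-2"], today, time_frame="1 Year")
    reg.create("xss-waf", "Compensating control", ["VULN-2"], today, custom_date=date(2024, 4, 1))
    reg.activate("sqli-fp")
    try:
        reg.activate("xss-waf")  # VULN-2 already has an active exception
        clash = False
    except ValueError:
        clash = True
    visible_now = reg.visible(findings)
    later = date(2025, 3, 5)
    expired = reg.refresh(later)
    visible_later = reg.visible(findings)
    try:
        reg.extend("sqli-fp", later, time_frame="1 Year")  # expired: must re-activate first
        extend_blocked = False
    except ValueError:
        extend_blocked = True
    reg.activate("sqli-fp")
    new_expiry = reg.extend("sqli-fp", later, custom_date=date(2025, 9, 1))
    try:
        reg.delete("sqli-fp")  # active: cannot delete
        delete_blocked = False
    except ValueError:
        delete_blocked = True
    reg.delete("xss-waf")  # Created, so inactive and deletable
    return {"clash": clash, "visible_now": visible_now, "expired": expired,
            "visible_later": visible_later, "extend_blocked": extend_blocked,
            "new_expiry": new_expiry, "delete_blocked": delete_blocked,
            "due_soon": reg.expiring_within(date(2025, 8, 15), 30)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `expiring_within` report is the check a practitioner usually wants from this data: an exception that lapses unnoticed puts a finding back on every dashboard, and an exception that is extended without re-reading its reason quietly turns an accepted risk into a forgotten one.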