dependency-track

Suppressing vulnerability does not suppress corresponding policy violation

Open rkg-mm opened this issue 3 years ago • 0 comments

Current Behavior:

When suppressing a vulnerability, a corresponding policy violation is not suppressed and needs to be suppressed manually too.

Steps to Reproduce:

  1. Create a policy targeting vulnerabilities
  2. Have a vulnerable component
  3. Suppress the vulnerability because the project is not affected
  4. Check the policy violations

Expected Behavior:

Policy violations should be removed for a suppressed vulnerability

Environment:

  • Dependency-Track Version: 4.4.2
  • Distribution: Docker
  • BOM Format & Version: CycloneDX BOM 1.3

rkg-mm, Jun 02 '22 17:06