Change vulnerability status
All vulnerabilities identified during a scan are automatically assigned the Open status. As you review the detected vulnerabilities, you can change the status of each vulnerability on the vulnerabilities page. In addition to the Open status, there are three more options:
- Fixed: This status is given to vulnerabilities that are fixed by developers. If the vulnerability is found again by Invicti, the vulnerability will be reopened and marked as Rediscovered.
- False Positive: There are situations where a vulnerability is incorrectly detected by Invicti. The vulnerability will not be reported again in future scans.
- Ignored: This status can be used for vulnerabilities that are not False Positives but which, for some reason, should be ignored in future scans.
This document explains how to manually change the status of a vulnerability or multiple vulnerabilities in Invicti Platform.
Change a vulnerability’s status
- On the Vulnerabilities page, click the vulnerability’s name to open a drawer with details.
- In the details pane, click the name of the status you want to assign.
The vulnerability now has the new status that you assigned.
Vulnerabilities marked as False Positive or Ignored can be reopened manually at any time. You can use filtering to find vulnerabilities with the changed status.
Change multiple vulnerabilities’ status
- On the Vulnerabilities page, select the checkboxes next to the names of the vulnerabilities.
- Click the Bulk actions button, then select Mark.
- Select the Open, Fixed, Ignored, or False Positive status.
The vulnerabilities now have the new status that you assigned.
Integrate Invicti with an issue tracker application to streamline the vulnerability-fixing process. For more information, refer to the Configuring issue tracker integration document.