To structure your work with security and remediation, you can tag your findings with three different tags: Mark as fixed, Accept risk, and False positive.
Mark as fixed
If you have fixed a vulnerability, you can mark the finding as fixed. If we detect the same vulnerability in a future scan, it will still show up in the report, but it will be tagged. This tag can be useful if you’d like to track the findings you are working with.
Accept risk
If you are aware of certain vulnerabilities, but don’t want them to be reported as findings every time you run a scan, you can mark them with “Accept risk”. This way, you won’t be notified about the vulnerability again and it will not be included in the Findings Count.
While marking findings as accepted risk can be handy if you are certain that they are not significant for your site’s security, this tag should be used carefully. If you are unsure, we recommend you drop us a line at firstname.lastname@example.org and we will help you out.
False positive
This is a finding that appears to be a vulnerability, but actually isn’t one. If you believe you have identified a false positive, go to Findings, select the list view and click on False positive to report a false positive. We review every report and if the false positive is valid, we add it to a future release. When you mark a vulnerability as a false positive, it will no longer show up when you run a scan and will thus not be included in the Findings Count.