To structure your work with security and remediation, you can tag your findings with three different tags: Fixed, Accepted risk, and False positive.
If you have fixed a vulnerability, you can mark the finding as fixed. If we detect the same vulnerability in a future scan, it will still show up in the report, but it will be tagged. This tag can be useful if you’d like to track the findings you are working with.
If you are aware of certain vulnerabilities, but don’t want them to be reported as findings every time you run a scan, you can mark them with “Accepted risk”. This way, you won’t be notified about the vulnerability again and it will not be included in the Findings Count.
While marking findings as accepted risk can be handy if you are certain that they are not significant for your site’s security, this tag should be used carefully. If you are unsure, we recommend you drop us a line at firstname.lastname@example.org and we will help you out.
This is a finding that appears to be a vulnerability, but actually isn’t one. If you believe you have identified a false positive, go to Findings, expand the tab with the relevant finding and tag it as a “False Positive”. We review every report and if the false positive is valid, we add it to a future release. When you mark a vulnerability as a false positive, it will no longer show up when you run a scan and will thus not be included in the Findings Count.