This topic describes how to check and process detected vulnerabilities and risks on the Risks page.

Procedure

  1. Log on to the Cloud Security Scanner console.
  2. In the left-side navigation pane, click Risks.
  3. On the Risks page, you can check and manage vulnerabilities and content risks. Perform the following operations as needed.
    • Check and search for vulnerabilities

      In the vulnerability list, you can search for specific vulnerabilities by Status (Processed, Pending, False Positive, and Whitelist), Risk Level (High, Medium, Low, and Information), Vulnerability Type, Domain or IP, or Detected At (the time when the vulnerability was detected).

    • View vulnerability details

      You can click a vulnerability in the Vulnerability Name column to view the details, including the Vulnerability Description, Proof of Concept, Impact, Suggestions, and Technical Reference.

    • Manage vulnerabilities
      The following table lists the operations that you can perform to manage vulnerabilities.
      | Operation | Description |
      | --- | --- |
      | Mark as Processed | After you verify and fix a vulnerability, you can perform this operation to set the status of the vulnerability to Processed. |
      | Add to Whitelist | If you do not want a vulnerability to be detected by Cloud Security Scanner again, you can perform this operation to set the status of the vulnerability to Whitelist. The system will not scan for this vulnerability again. |
      | Mark as False Positive | After you confirm that the vulnerability does not exist, you can perform this operation to set the status of the vulnerability to False Positive. |

      • Manage one vulnerability at a time: In the vulnerability list, click an action in the Actions column, or click an action on the Vulnerability Details page.
      • Manage multiple vulnerabilities at the same time: In the vulnerability list, select the target vulnerabilities and click an action in the lower-left corner.
    • Check and search for content risks
      • On the Risks page, you can search for specific risks by Status (Processed, Pending, False Positive, and Whitelist), Risk Level (High, Medium, Low, and Information), Domain or IP, or Detected At (the time when the risk was detected).

      • In the risk list, find the target risk and click the Source Code Risk icon or the Text Risk icon in the Risk Name column to view the source code and content in text format.
    • Manage content risks
      The following table lists the operations that you can perform to manage detected risks.
      | Operation | Description |
      | --- | --- |
      | Mark as Processed | After you verify and process a risk, you can perform this operation to set the status of the risk to Processed. |
      | Add to Whitelist | If you do not want a risk to be detected by Cloud Security Scanner again, you can perform this operation to set the status of the risk to Whitelist. |
      | Mark as False Positive | After you confirm that the risk does not exist, you can perform this operation to set the status of the risk to False Positive. |

      • Manage one risk at a time: In the risk list, click an action in the Actions column.
      • Manage multiple risks at the same time: In the risk list, select the target risks and click an action in the lower-left corner.