Skip to main content

Ignore an issue in SCA

Veracode Software Composition Analysis (SCA) agent-based scanning provides users with accurate, up-to-date vulnerability information, but not all issues apply to your code. For this reason, Veracode SCA allows you to suppress issues if you want to prevent them from causing your build pipeline to fail.

Ignoring issues only impacts your pipeline if you configure your SCA rules to generate an error instead of a warning, and you need to make exceptions that allow you to bypass the error. Ignoring an issue is not the same as closing an issue.

If you ignore an issue, the issue remains ignored in future scans of the project, even if the issue severity changes or a subsequent scan finds a vulnerable method.

note

For projects linked to application profiles, ignoring an issue has no impact on the status of any mitigation actions for the application. A reviewer still needs to review proposed mitigations in the Veracode Platform or with the Veracode APIs.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
  2. Select Agent-Based Scan.
  3. Select a workspace.
  4. If you want to view issues for an individual project, Select Projects, then select a project.
  5. Select the checkbox next to the issues you want to ignore.
  6. Select Actions > Ignore.
  7. Select Ignore Forever or Ignore Temporarily.
  8. If you select Ignore Temporarily, select a date. Veracode will ignore the issue until 11:59 PM UTC on the selected date.
  9. Enter a comment explaining why you are ignoring the issues.
  10. Select Confirm ignore issue.
  11. Select Finish.

Results:

Anyone who has access to the workspace can view the comment.