Override a vulnerability

MSR security scanning sometimes reports image vulnerabilities that you know have already been fixed. In such cases, it is possible to hide the vulnerability warning.

To override a vulnerability:

  1. Log in to the MSR web UI.

  2. In the left-side navigation panel, select Repositories.

  3. Navigate to the required repository and click View details.

  4. To review the vulnerabilities associated with each component in the image, click the Components tab.

  5. Select the component with the vulnerability you want to ignore, navigate to the vulnerability, and click Hide.

Once dismissed, the vulnerability is hidden system-wide and will no longer be reported as a vulnerability on affected images with the same layer IDs or digests. In addition, MSR will not re-evaluate the promotion policies that have been set up for the repository.

To re-evaluate the promotion policy for the affected image:

After hiding a particular vulnerability, you can re-evaluate the promotion policy for the affected image.

  1. Log in to the MSR web UI.

  2. In the left-side navigation panel, select Repositories.

  3. Navigate to the required repository and click View details.

  4. Click Promote.