Viewing information about accepted risks

The list of all accepted risks is displayed in the Policies → Risk acceptances section.

You can use the list to do the following:

• Search by risk name, repository name, image, or resource where the risk is detected.
• Filter the list by risk type and manufacturer fix availability.
• Generate a Risk acceptance report by clicking the Create report button above the table.
• Sort the list by date of acceptance, risk name, scope (applied to all images or just one image), and acceptance period. Sorting is performed using the () sort icon.
• View detailed information about risk acceptance and the associated threat. Click the risk name link to open the window with the related detailed information.

Use the buttons in the detailed information window to do the following:

• Specify or extend the time period after which this security threat must be considered again when determining image security status.
• Cancel risk acceptance.

You can also view information about the accepted risk in the list of detected threats in the image scanning results. In the row with the threat with accepted risk, you can find the time of risk acceptance. You can click the link to open a window with detailed information about the risk acceptance and the associated threat.

Information about risk acceptance for a specific vulnerability is also indicated in the table with the list of all vulnerabilities detected by the solution in the Investigation → Vulnerabilities section. The Risk acceptance column displays the number of artifacts (images, CI/CD objects) for which the risk was accepted.

To view the accepted risks of a vulnerability, you need the "View accepted risks" rights.
Information about accepted risks is shown regardless of scopes.

More detailed information on each accepted risk for a specific vulnerability is provided in the detailed description of the vulnerability on the Risk acceptance tab.

Page top