Availability: Invicti AppSec Core (on-demand) package

Target vulnerabilities

The vulnerabilities page lists all security findings identified for the target since the platform's inception. From this page you can drill into vulnerability details or take action on existing findings.

To view target vulnerabilities:

  1. Select Targets from the left-side menu.
  2. Click the target name to open the target.
  3. Select the Vulnerabilities tab.

Issue status indicators

Each vulnerability row displays a colored circle on the left side indicating the issue manager ticket status:

| Indicator | Meaning |
|---|---|
| Blue circle | A ticket has been created on the issue manager and its status is still open. |
| Grey circle | No ticket has been created on the issue manager for this vulnerability. |
| Red circle | The ticket on the issue manager has been closed. |

Vulnerability details

Click the page icon on the rightmost side of any vulnerability row to view additional details. The details presented vary depending on the scanner that identified the vulnerability.

Customize table columns

Click the gear icon in the upper-right corner of the vulnerability table to modify which columns are displayed.

Bulk actions

Select one or more vulnerabilities using the checkboxes, then choose an action from the Choose an action dropdown:

  • Assign Issue: create tickets on the issue manager for the selected vulnerabilities. A modal opens where you can choose to create a single ticket for all selected vulnerabilities or a separate ticket for each one.
  • False positive: mark vulnerabilities as not being actual security issues. You can set an optional expiration date and provide a justification.
  • True positive: confirm that vulnerabilities are genuine security issues requiring remediation.
  • Risk accepted: mark vulnerabilities as tolerable business risks. Classify them as Mitigated (risk has been reduced) or Won't Fix (risk accepted as-is), and set an optional expiration date.
  • Close: close manually imported vulnerabilities.
  • Reopen: reopen previously closed, manually imported vulnerabilities. You can set the status to New or Recurrent.
  • Add or remove flags: assign or remove custom flags to organize vulnerabilities into custom groups.
Note: Vulnerabilities that already have an open ticket (blue circle) cannot be selected when using the Assign Issue action.

Caution: If you group multiple vulnerabilities into a single ticket, certain automated workflows (such as validation scans or reflecting vulnerability status on the ticket) won't work until all grouped vulnerabilities reach a Closed status.

False positive management

How false positive handling works depends on your user role:

  • Team Lead and Admin users can mark vulnerabilities as false positives directly by entering a description.
  • Developer users can submit a false positive request, which a Team Lead or Admin must approve.

Export vulnerabilities

Click the Actions button in the upper-right corner of the page and select the export option to download the vulnerability table in CSV format. The export includes the columns currently displayed in the table.

