Suppose you run a scan on a target and the scan reports 15 vulnerabilities. If fixes for 10 of those 15 vulnerabilities are pushed and the target is then scanned again, the new scan will report only 5 vulnerabilities. The other 10 vulnerabilities that were logged before are automatically moved to the ‘Resolved’ state, so you do not have to update their state yourself.
Enabling Smart Auto-closure while Creating Scan Configurations:
For the sake of demonstration, we will use the ZAP configuration. The same process applies to all Scan Configurations.
- Navigate to ‘Dynamic Application Scanners’ under ‘Connectors’.
- Select the ‘ZAP Web Application Scanner’.
- Enter your ‘Configuration Name’, select the ‘Baseline’ to log vulnerabilities and click on ‘Next’.
- In Step 2 you will find the option to enable ‘Smart Auto-closure of Vulnerabilities’.
- Select ‘Yes’, fill in the remaining details and complete the Configuration.
- From now on, whenever a scan is run, the vulnerabilities identified in the latest scan are compared with those from the previous scans, and any vulnerability that does not appear in the latest scan is moved to the ‘Resolved’ state.
If you did not select Smart Auto-close while creating a configuration, you can go back to that configuration later, where you will be presented with the option to ‘Smart Close Vulnerabilities’.
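
The comparison described in the last configuration step can be expressed in Python as follows. This is an added illustration, not the product's own code: the `Finding` fingerprint (rule, URL, parameter), the `reconcile` function, the reopening of a finding that reappears, and the constructed sample findings are all assumptions.

```python
from dataclasses import dataclass

OPEN, RESOLVED = "Open", "Resolved"


@dataclass(frozen=True)
class Finding:
    """One scanner finding. The three fields together act as its identity
    (assumed fingerprint; a real platform may match findings differently)."""
    rule_id: str
    url: str
    param: str = ""


def reconcile(tracked, latest_scan):
    """Compare the latest scan with findings tracked for the same configuration.

    tracked:     dict mapping Finding -> state, built from previous scans
    latest_scan: iterable of Finding objects reported by the newest scan
    Returns (new_tracked, auto_closed).
    """
    latest = set(latest_scan)
    new_tracked, auto_closed = {}, []
    for finding, state in tracked.items():
        if state == OPEN and finding not in latest:
            # Logged earlier, absent from the latest scan: move to Resolved.
            new_tracked[finding] = RESOLVED
            auto_closed.append(finding)
        else:
            new_tracked[finding] = state
    for finding in latest:
        # Everything the latest scan reports is open. Assumption: a finding
        # that was resolved earlier and shows up again is reopened.
        new_tracked[finding] = OPEN
    return new_tracked, auto_closed


def demo():
    # Constructed sample data mirroring the 15 -> 5 scenario in the text.
    first = [Finding(f"rule-{i}", f"https://app.example.test/page{i}") for i in range(15)]
    tracked, _ = reconcile({}, first)        # first scan: 15 findings logged
    tracked, closed = reconcile(tracked, first[10:])  # second scan: 5 remain
    still_open = sum(1 for state in tracked.values() if state == OPEN)
    return still_open, len(closed)


if __name__ == "__main__":
    print(demo())
```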