Suppression Rules

Suppression rules can be used to automatically mark vulnerabilities as False Positive, Won’t Fix, or Mitigated.

After a new suppression rule is defined, the number of vulnerabilities it will affect is shown before the user clicks the Save button.

The rule takes effect on existing vulnerabilities immediately after the Save button is clicked.
For vulnerabilities discovered afterward, Kondukto updates their status every 10 minutes.

📘

If a preset is deleted, Kondukto will stop checking for the related suppression rule, and any future vulnerabilities will not be affected. However, the status of any vulnerabilities already marked according to the deleted preset will not be reverted.

📘

The presets work with “And” logic, which means that if one preset is applied to all projects and another preset is applied to projects with a specific label, both presets will be applied.

🚧

Only one preset that affects all projects can be created. Other presets must be associated with a label to indicate which projects will be affected.