Description
Troubleshooting steps in SSC for vulnerability issues.
Solution
1). Are you using ScanCentral SAST or SCA to scan?
2). Are you using a default Issue template (defined when creating the application in SSC)?
3). Is the suppression happening directly from SSC?
4). If using a CI/CD tool such as Azure DevOps, what ScanCentral parameter is being used for the build?
Example: -bt none
5). Is the translate and scan happening remotely?
6). Please provide the language version (Example: Go, .NET, C++, etc.)
7). Please provide 2 FPRs, one FPR before suppression and another FPR after suppression
Note: These 2 FPRs are the main things to check. They let us see the Instance ID, notice whether the same vulnerability is being reported again (even if previously suppressed), and see whether the instance ID has changed for some reason.
You can get this FPR in SSC from Applications | Artifacts by clicking the "Application & Sources" button.
Please check the reference: What application FPR to download for troubleshooting purposes
8). If possible, we will need the source files, the package.zip for testing, or at least a code sample where the issue happens.
9). Is this the first time scanning that file? (This can be checked by opening the application and checking whether there are older Artifacts.)
10). Gather the following information:
Example:
Software Security Center version: 24.4.1.0005
SCA Version: 24.4.0.0114
Controller version: 24.4.0.0060
Rulepacks: 2025.1.0.0011
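
The comparison that the note under step 7 describes, as an added example (not code from this article or from Fortify): it reads the instance IDs and suppression flags from two FPRs and lists IDs that disappeared and reappeared under the same category. It assumes an FPR is a zip archive containing audit.fvdl (Vulnerability elements with InstanceID and Type) and audit.xml (Issue elements with instanceId and suppressed attributes); the function names and sample IDs are hypothetical and constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def read_fpr(fpr):
    """Return {instance_id: {"type", "suppressed"}}. Assumes results in audit.fvdl, audit state in audit.xml."""
    issues = {}
    with zipfile.ZipFile(fpr) as z:
        for v in ET.fromstring(z.read("audit.fvdl")).iter():
            if _local(v.tag) == "Vulnerability":
                f = {_local(e.tag): (e.text or "").strip() for e in v.iter()}
                issues[f["InstanceID"]] = {"type": f.get("Type", ""), "suppressed": False}
        if "audit.xml" in z.namelist():  # may be missing from an unaudited scan
            for e in ET.fromstring(z.read("audit.xml")).iter():
                if _local(e.tag) == "Issue" and e.get("instanceId") in issues:
                    issues[e.get("instanceId")]["suppressed"] = e.get("suppressed") == "true"
    return issues

def compare(before, after):
    """same_id maps each shared ID to (suppressed before, suppressed after)."""
    a, b = read_fpr(before), read_fpr(after)
    gone, new = sorted(set(a) - set(b)), sorted(set(b) - set(a))
    return {
        "same_id": {i: (a[i]["suppressed"], b[i]["suppressed"]) for i in sorted(set(a) & set(b))},
        "only_before": gone,
        "only_after": new,
        # same category vanished under one ID and reappeared under another
        "possible_id_change": [(x, y) for x in gone for y in new if a[x]["type"] == b[y]["type"]],
    }

def make_fpr(vulns, suppressed=()):
    """Build a minimal FPR in memory. Constructed sample data, not real scan output."""
    fvdl = "<FVDL>" + "".join(
        f"<Vulnerability><ClassInfo><Type>{t}</Type></ClassInfo><InstanceInfo>"
        f"<InstanceID>{i}</InstanceID></InstanceInfo></Vulnerability>" for i, t in vulns) + "</FVDL>"
    audit = "<Audit>" + "".join(f'<Issue instanceId="{i}" suppressed="true"/>' for i in suppressed) + "</Audit>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("audit.fvdl", fvdl)
        z.writestr("audit.xml", audit)
    return buf

def demo():
    before = make_fpr([("AAAA", "SQL Injection"), ("BBBB", "Cross-Site Scripting")])
    after = make_fpr([("CCCC", "SQL Injection"), ("BBBB", "Cross-Site Scripting")], suppressed=["BBBB"])
    return compare(before, after)
```

With real files, pass the two downloaded FPR paths to compare(); a non-empty possible_id_change list points at issues whose earlier suppression would not carry over.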