Vulnerability Exclusions

You can select to exclude a specific vulnerability (CVEClosed The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures., threat, or secret) that appears in a specific package. If you set the vulnerability as not important or relevant, CloudGuard ignores it. Such vulnerability has the Excluded from Findings indication on the asset pages. CloudGuard rules do not take the vulnerability into account.

The vulnerability exclusions are applied to the raw data in the package before running an assessment and obtaining findings. Therefore, these exclusions affect findings, toxic combinations, notifications, and more.

To exclude only findings related to vulnerabilities, see Configuring CloudGuard Exclusions.

If CloudGuard finds the excluded CVE in one of the images, the Vulnerabilities page of the image shows the CVE with the Is Excluded indication. Click the CVE ID to open its page and learn more details. It also shows information on who excluded the CVE and when.