| License Type | SaaS & On-Premise |
| Main Product Category | Contrast UI |
| Sub Category | Vulnerability Management |
I see a vulnerability being reported in a 3rd party library, or code that is unreachable. What can be done?
In cases such as these, the findings are technically vulnerabilities that can affect your application. Mitigation depends on whether or not you want to consider vulnerabilities in code for which you don't have source access. One potential mitigation is to add some code to your application that may prevent this vulnerability from being reported. Otherwise, you can mark these vulnerabilities as 'Not a Problem' so that they are no longer reported; you will need to enter a justification when setting this status.
Unfortunately, without access to the source code that triggered the finding, there is not much more that can be done to obtain context or to alter it. We can recommend taking mitigating action, such as ensuring that the app server or application is configured to accommodate what is being reported by the vulnerability in question.
For further details on managing your Contrast findings, please see:
Analyze and Manage Vulnerabilities