Not every vulnerability needs to be patched immediately. If a fix isn't available yet, or if you've assessed the risk and decided it's acceptable for now, you can dismiss the vulnerability to keep your compliance program clean and auditor-ready.
There are two ways to do this in ComplyJet.
Method 1 – Dismiss at the source
If your vulnerability source (such as GitHub Dependabot, AWS Inspector, or another integrated scanner) supports dismissal, you can dismiss the vulnerability there and add a note explaining the reason. ComplyJet will automatically sync the updated status on the next scan — no action needed on the platform.
This is the preferred approach when you want the dismissal to be recorded at the source and reflected consistently across tools.
Method 2 – Dismiss directly in ComplyJet
If you want to dismiss a vulnerability without going back to the source, you can do it directly on the ComplyJet Vulnerabilities page.
Step 1 – Go to the Vulnerabilities page
Navigate to Security → Vulnerabilities in the left sidebar. You'll see all vulnerabilities across your connected environments.
Step 2 – Open the vulnerability
Click on the vulnerability you want to dismiss. A detail panel will open on the right showing the CVE, severity, current status, and other details.
Step 3 – Change the status and add a note
Scroll down to the More Details section. Change the Status from Open to Dismissed, then enter a reason in the Dismissal Note field. Click Save.
The vulnerability will move to the Closed / Dismissed tab and will no longer count as open in your program.
What to write in the dismissal note
A good dismissal note gives your auditor enough context to understand the decision. Aim to cover:
- Why the vulnerability is being dismissed (no fix available, risk assessed as low, compensating control in place)
- Any timeline for revisiting it, if applicable
Example: "No patch available from upstream as of June 2026. Vulnerability is in a dev-only dependency not exposed in production. Will revisit when a fix is released."



