When we add a comment in the Vulnerabilities section of the component, while it’s visible in the Audit Log tab, it doesn’t show up in the PDF export. We include the PDFs in our releases so it would be very useful if the comments were visible so people could see WHY a particular vulnerability isn’t applicable. Is there any way that can be enabled?
Thank you for the feedback. It is not currently possible to view comments applied to vulnerabilities within an exported PDF. We will keep this in mind when we next take a look at this feature.
cc/ @csexton re: potential overlap with other workstreams
We use the PDF as evidence of test which must be presented if we are audited. The ability to see the comment would be very helpful. Right now we require a comment with either information about why it’s not applicable, mitigated or a reference to our internal risk tracking tool.