Sprinto Dashboard

Mark Vulnerabilities as Special Cases

Learn how to dismiss non-applicable vulnerabilities in Sprinto by marking them as special cases, with justification and expiry options.

In some situations, a detected vulnerability may not be relevant to your product, infrastructure, or compliance framework. Sprinto allows you to mark such vulnerabilities as Special Cases, helping you avoid unnecessary check failures while maintaining a compliant audit trail.

Special case vulnerabilities remain visible in audit logs but are excluded from failing system-status or workflow checks.

When to Use This

You should mark a vulnerability as a special case if:

  • It is not exploitable within the context of your product.

  • It is irrelevant to the compliance framework in scope.

  • Additional time is required to resolve the issue, and a formal extension is justified.

  • The vulnerability exists in a deprecated or non-production system.

Before You Begin

Make sure:

  • You are logged in as an administrator.

  • The vulnerability is visible under the Vulnerabilities or Pentest tab.

  • You have a valid reason for dismissing the issue and, if possible, supporting documentation.

Procedure

To mark a vulnerability as a special case:

  1. Go to Data Library > Vulnerabilities.

  2. From the left-hand navigation, select the relevant monitoring source or click Pentest for uploaded issues.

  3. Locate the vulnerability you want to mark and click Dismiss Vulnerabilities.

  4. In the dialogue, choose one of the following options:

    • Additional time is needed to fix this check

    • Other

  5. Enter a justification in the comments field (this is mandatory).

  6. (Optional) Click Upload Document to attach supporting evidence.

  7. Define the expiry of the special case:

    • Valid forever

    • Let me select an expiry date

      • If an expiry is set, the vulnerability reverts to Due status after the date passes.

  8. Click Mark as Special Case.

Result

The vulnerability is now marked as a special case. Its corresponding check status is updated to Passing, and it no longer contributes to SLA failure reports.

You can review the updated status by navigating to the source tab or the Pentest section.

PreviousResolve VulnerabilitiesNextFrequently Asked Questions

Last updated