In this article:
Question:
I have fixed the issue that relate to some Patching Cadence findings, but why am I not able to use the "Fixed" button to resolve the findings?
Answer:
The reason why the "Fixed" button has been disabled against Patching Cadence issue types is because these are NOT reflective of vulnerabilities that are currently present but their history. The resolution options for "CVEs Patching Cadence" issues are limited as these issues are based on historical records. CVE patching cadence findings are meant to stay on Scorecards because they are a statement about the past behaviour of an organization and their ability to respond to the vulnerability.
These findings are automatically removed from Scorecards after 60 days (low severity), 90 days (medium severity), 120 days (high severity) and 150 days (critical severity) since last observation of the issue.
If you think that the finding has been raised in an error and is a False Positive, please use the "Other resolutions" --> "I cannot reproduce this issue and I think it's incorrect" option to remediate the finding: