Get a Demo
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Taking Action on Vulnerabilities: Ignore, Fix, or File a Jira Ticket

Finding vulnerabilities is only the first step. Hopper helps you act on them with speed and clarity by offering tools to fix what matters, ignore what doesn’t, and seamlessly assign remediation work through your existing workflows.

This guide walks you through the options available in Hopper to take action on individual vulnerabilities across your projects.

Start with Reachability and Fixability

Before deciding how to handle a vulnerability, Hopper gives you the signals you need:

  • Reachability Verdict – Is the vulnerability actually invoked by the application?
  • Fixable Status – Is there a safe upgrade path?
  • Fix Effort – How complex is the remediation?
  • EPSS Score – What is the likelihood of exploitation in the wild?

These insights let you decide whether to fix immediately, flag for later, or deprioritize entirely.

Drill Into Details with the Tray View

Click on any vulnerability row to open the detail tray, which gives you a complete picture of the issue:

  • CVE number and aliases
  • Severity and EPSS score
  • Reachability status (Reachable, Not Reachable, Potentially Reachable, or N/A)
  • Fixable status and fix effort estimate
  • Dependency type (Direct or Transitive)
  • CWE category and vulnerability type
  • Package name and version
  • Summary
    • Example: jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
  • Suggested fix with direct link to the affected file in SCM
  • Full call graph, showing how the vulnerable function is reached
    • Exportable as JSON for deeper analysis or sharing

This view supports in-depth investigation and helps developers understand how the vulnerability impacts real code paths.

Fixing Vulnerabilities

When a fix is available, Hopper provides:

  • Version upgrade recommendations
  • Fix effort estimation
  • Call graph evidence that confirms exploitability
  • Direct SCM links to the affected file and function

You can quickly validate whether the suggested upgrade is safe and necessary, then assign it to the right developer or team.

Ignoring Vulnerabilities

Sometimes a vulnerability may be out of scope or irrelevant. Hopper lets you:

  • Ignore a vulnerability for a specific project or across all projects
  • Track ignored issues through the “Show ignored vulnerabilities” filter
  • Reopen ignored issues at any time for re-evaluation

Hopper supports ignoring vulnerabilities when:

  • They are unreachable or non-impactful
  • You have compensating controls
  • The fix would break core functionality

Ignored issues remain visible when filtered and can be unignored at any time. This prevents false positives from cluttering your dashboards while preserving auditability.

Filing a Jira Ticket

If remediation is needed, you can assign the work in one click:

  1. Open the detail tray for a vulnerability
  2. Click “Create Jira Ticket”
  3. Choose the correct project, assignee, and priority
  4. Hopper will include:
    • CVE ID and summary
    • Reachability verdict
    • Suggested fix and version
    • File/function location and call graph reference

If a Jira ticket has already been filed, Hopper will display the link in the vulnerability entry for easy access.