Manually upload artifacts into the SSC


If there are multiple manually upload artifacts into the same project, do merges happen?

Example:  Orig, firstupload, secondupload (latest)

Does secondupload have suppressions and comment from firstupload?

Thank you


  • From my experience, yes.

    Assuming you are referring to the same project/vesrion.

    This is one of the great benefits of using SSC, all previously audited information is persisted and merged with any new scans. None of that previous work is lost.

    We have teams scanning daily weekly, and all the comments, tags and suppressions are always retained.

    This only applies to a given project/version. If you were to create a new "version" of a project, you should check the box during version setup to copy "application state" so any previously commented/suppressed findings become the new baseline.



    Thank you for your response.  I agree that the SSC portal will have all the suppressions and comments.  If the same project has only manual uploads, how can I download an artifact with all the suppressions and comments?

  • Verified Answer

    You can do this from the Artifacts tabs on the project.

    Look for "Application and Sources" button which will download an aggregated FPR file with all previously comments, suppressions, etc.


    See attached