False positive workflow in vulnerability response

prasannachepuri
Tera Contributor

I would like to understand how the application behaves during the subsequent month’s scan if the same vulnerability reappears after an FP (False Positive) request has been raised and closed.

Currently, we are marking the FP status only in ServiceNow, and not in Qualys. As a result, we are concerned that the same vulnerability might be detected again in the next scan, since it still exists in the Qualys database.

Could you please confirm whether this is expected behavior?
