Forum Discussion
Component Installs Require Paranoid Checks (DEPRECATED)
Update - March 4, 2026 After considering customer feedback, we. have decided to re-evaluate these changes and come up with a better way of handling Component installs. For the latest information, pl...
Chiming in to agree with disagreeing with this change. Particularly with Ashman's point:
“Paranoid” mode isn’t a clean substitute: While enabling paranoid mode preserves the detections, in many environments it can also increase noise/false positives and downstream triage overhead—making it difficult to use as the primary mechanism for routine scanning.
It would seem to me, in the world before this change, that customers that didn't want to see those vulnerabilities that are components of other applications could just re-cast them using the plugin id and the plugin output to accept those risk for the time being. Not sure how we can retain the same visibility we had before without introducing additional noise into our findings.
