Custom Patch Sites

About this task

Out of the box, Patch and Vulnerability Reporting uses data from the supported external patch sites. Starting with version 2.0.1, user with the "Edit Patch Sites" permission can configure Compliance to include specified custom sites.


  1. Click the gear icon in the management page and click Patch Sites.
  2. Select and move sites from the Available Sites list into the Selected Sites list.
  3. After confirming the changes, click Save. Subsequent imports include the selected sites in reports.
    Custom site patches are reported as normal with the external site patches. However, the important distinction is that the custom site patches cannot be superseded. Any patch that originates from a custom site is treated as non-superseded. This means that the vulnerabilities associated with the patch through its superseded patches cannot be included in the related vulnerabilities. If you want to associate a patch with additional vulnerabilities, the patch must be amended to include the additional CVEs in the CVENames or MIME_x-fixlet-cve fields.

    Ensure that the patch has working relevance. If the patch was copied from a Windows site, any relevance that disables evaluation including false relevance and relevance that checks for the EnableSuperseedEval client setting must be removed.