Re-evaluate reachability of vulnerabilities after they have been dismissed

When a vulnerability in a dependency is assessed as not reachable, it can be dismissed and marked as Not applicable. That doesn't mean the vulnerability will never be reached, especially as the code of the app (or the dependency!) evolves. This creates a gap in vulnerability management: there's no clear way to re-evaluate these vulnerabilities.

Proposal

Maybe a new state, or a kind of label on the vulnerability, would help to identify it as "Non reachable". These vulnerabilities should be reopened (Detected) if the code is proven to be reachable after a change.

Edited by Thiago Figueiró
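
A sketch of the re-evaluation step proposed above, as an added example that is not part of the original issue or of any product's code. The `not_reachable` label, the finding fields, the call graphs and all symbol names are constructed assumptions; only the states "Not applicable" and "Detected" come from the issue.

```python
from collections import deque

ENTRY_POINTS = ["app.main"]  # assumed application entry point

# Constructed call graphs (caller -> callees) before and after a code change.
GRAPH_BEFORE = {"app.main": ["app.render"], "app.render": ["dep_a.safe_parse"]}
GRAPH_AFTER = {
    "app.main": ["app.render", "app.import_config"],
    "app.render": ["dep_a.safe_parse"],
    "app.import_config": ["dep_a.unsafe_parse"],  # new call path to the vulnerable symbol
}

# Constructed findings; "not_reachable" is a hypothetical dismissal label.
FINDINGS = [
    {"id": "EXAMPLE-1", "symbol": "dep_a.unsafe_parse", "state": "Not applicable", "label": "not_reachable"},
    {"id": "EXAMPLE-2", "symbol": "dep_b.decode", "state": "Not applicable", "label": "not_reachable"},
    {"id": "EXAMPLE-3", "symbol": "dep_a.safe_parse", "state": "Not applicable", "label": "accepted_risk"},
]

def reachable_symbols(call_graph, entry_points):
    """Breadth-first walk of the call graph starting at the entry points."""
    seen = set(entry_points)
    queue = deque(entry_points)
    while queue:
        for callee in call_graph.get(queue.popleft(), []):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

def reevaluate(findings, call_graph, entry_points=ENTRY_POINTS):
    """Reopen findings dismissed as unreachable whose symbol is now reachable.

    Findings dismissed for any other reason are left untouched.
    Returns (updated copies of the findings, ids that were reopened).
    """
    reachable = reachable_symbols(call_graph, entry_points)
    updated, reopened = [], []
    for finding in findings:
        finding = dict(finding)  # do not mutate the caller's records
        dismissed_unreachable = (
            finding["state"] == "Not applicable" and finding.get("label") == "not_reachable"
        )
        if dismissed_unreachable and finding["symbol"] in reachable:
            finding["state"], finding["label"] = "Detected", None
            reopened.append(finding["id"])
        updated.append(finding)
    return updated, reopened

if __name__ == "__main__":
    print(reevaluate(FINDINGS, GRAPH_AFTER)[1])
```

Running the check on every change to the app or to the dependency is what closes the gap: the dismissal stays in place only while the reachability evidence behind it still holds.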