In short, the 'Re-Evaluate Report' buttonĀ takes the static component data from the given report and runs it against any new policy changes. It doesn't reach out to the Sonatype Hosted Data Service (HDS) vulnerability catalog to check for updated component vulnerabilities.
This is the key difference between a reevaluation and a new scan. To check for new vulnerabilities, you'll want to run a new scan.
Starting IQ Server release 189, the Re-evaluate Report button will evaluate an existing scan report against the policy, waivers AND the latest data in the Sonatype Hosted Data Service (HDS).
For more information, refer to: