How do I snooze or pause a review status?

  • 17 January 2023

You can flag a vulnerability as snoozed for a set amount of time. While it is snoozed, that vulnerability will not trigger any automation rules for the specific repository. After the chosen snooze duration expires, your automation rules will again take the previously snoozed vulnerability into account and the respective actions will be triggered again. Be aware: this could result in unnoticed security issues because the vulnerability will not show up in your existing automations. Therefore, use this feature only if you need to and are aware of the consequences.

 

 

How do I snooze a vulnerability for a set amount of time?

To snooze a vulnerability, go to the desired repository and open the vulnerability you want to snooze. Next, choose “Pause rule triggering” in the Action section. Select “Snooze for a set time period” in the dialog that opens and pick your desired snooze period from the dropdown. Click “Save” to confirm your selection and snooze the automation rules for the vulnerability.

The active snooze is shown as the review status under Action. Snoozing the vulnerability is also reflected in the Activity section at the bottom of the page.

Note: Setting the vulnerability to snoozed is only available on a per-repository basis. If you want to snooze the same vulnerability for another repository, you’ll have to repeat the same steps for that one.

By default, any user can choose "snoozed" as a review status. As an admin, you can disable this feature for all users in your company.

 

How do I manually remove a snooze from a vulnerability?

You can manually stop snoozing a vulnerability at any time before it resumes automatically. To do so, go to the vulnerability you want to resume, click “Snoozed for time left” and confirm that you want to stop snoozing the vulnerability in the displayed dialog. Be aware that this will enable automation rules to be triggered for this vulnerability again.

 

How do I pause the review status?

You can flag a vulnerability as paused in a specific repository. The vulnerability will stay paused until we find a fix that, if applied, resolves the vulnerability in your repository. In that case, the paused status will be removed automatically and the vulnerability returns to being unexamined.

Keep in mind that the pause could be indefinite if a fix is never found. For that reason, you must choose a maximum pause time when setting this review status. If the pause duration expires before we are able to find a fix, your automation rules will resume taking the vulnerability into account, similar to how snoozing a vulnerability works.
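The snooze and pause rules described above can be written down as a small model, which is useful for reasoning about when automation rules stop and resume acting on a vulnerability. This is an added example, not the product's code or API: the `Suppression` record, its field names, the function names and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Suppression:
    # Hypothetical record; field names are assumptions, not a product schema.
    repo: str
    vuln_id: str
    kind: str                # "snoozed" or "paused"
    set_at: datetime
    max_duration: timedelta  # snooze period, or the mandatory max pause time

def is_active(s, now, fix_available=False):
    """True while the status still keeps automation rules from triggering."""
    if now >= s.set_at + s.max_duration:
        return False  # duration expired: rules take the vulnerability into account again
    if s.kind == "paused" and fix_available:
        return False  # fix found: pause is removed, vulnerability is unexamined again
    # Assumption: a snooze is not ended by a fix, only by expiry or manual removal.
    return True

def rules_trigger(suppressions, repo, vuln_id, now, fixed=frozenset()):
    """Decide whether automation rules act on vuln_id in repo at time `now`.

    `fixed` is the set of (repo, vuln_id) pairs for which a fix is available.
    Manual removal is modelled by deleting the record from `suppressions`.
    """
    fix = (repo, vuln_id) in fixed
    return not any(
        is_active(s, now, fix)
        for s in suppressions
        if (s.repo, s.vuln_id) == (repo, vuln_id)  # status applies per repository only
    )

T0 = datetime(2023, 1, 1)
SAMPLE = [  # constructed sample data
    Suppression("svc-a", "VULN-0001", "snoozed", T0, timedelta(days=7)),
    Suppression("svc-a", "VULN-0002", "paused", T0, timedelta(days=30)),
]

if __name__ == "__main__":
    day = timedelta(days=1)
    print(rules_trigger(SAMPLE, "svc-a", "VULN-0001", T0 + 2 * day))  # snoozed
    print(rules_trigger(SAMPLE, "svc-b", "VULN-0001", T0 + 2 * day))  # other repo
    print(rules_trigger(SAMPLE, "svc-a", "VULN-0002", T0 + 10 * day,
                        fixed={("svc-a", "VULN-0002")}))              # fix found
```

The model makes the exposure window explicit: the same vulnerability stays visible to automation in every repository where it was not snoozed or paused, and a pause ends at whichever comes first, a fix or the max pause time.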

 

How do I pause a vulnerability until a fix is available?

To pause a vulnerability until a fix is available, go to the desired repository and open the vulnerability you want to pause. Next, choose “Pause rule triggering” in the Action section. Select “Pause until a fix is available” in the dialog that opens and choose an appropriate max pause time from the dropdown. Click “Save” to confirm your selection and pause automation rules for the vulnerability.

The active pause is shown as the review status under Action. Pausing the vulnerability is also reflected in the Activity section at the bottom of the page.

Keep in mind that setting the vulnerability to paused until a fix is available does so only for the specific repository. If you want to pause the same vulnerability for another repository, you’ll have to repeat the same steps for that one.

 

How do I manually remove a pause until a fix is available from a vulnerability?

You can manually stop pausing a vulnerability at any time before a fix is found or the max pause time has expired. To do so, go to the vulnerability you want to resume, click “Paused until fix” and confirm that you want to stop pausing the vulnerability in the displayed dialog. Be aware that this will enable automation rules to be triggered for this vulnerability again.

 

