Security policy results

A newly assigned policy, or changes to a policy, apply when the Project is re-scanned. This is what Project collaborators see when an action is applied to a vulnerability:

| Action | What Project collaborators see |
| --- | --- |
| Change severity to… | The new severity, as well as the originally assigned severity |
| Ignore current and future instances | An ignored issue will look the same as a manual ignore, but it will be labelled “ignored by security policy” |

Examples

For an issue in a project page that’s been ignored by a security policy:
Issue ignored by security policy
Custom and original severity in the CLI
Custom and original severity in the Project Page UI
Custom and original severity in Open Fix PR UI
Custom and original severity in Reports