Security policy results

A newly-assigned policy, or changes to a policy, apply when the Project is re-scanned. This is what Project collaborators see when an action is applied to a vulnerability:

Action

What Project collaborators see

Change severity to…

The new severity, as well as the originally assigned severity

Ignore current and future instances

An ignored issue looking like a manual ignore but labeled ignored by Security Policy.

Examples follow for an issue on a Project page that has been ignored by a security policy:

Custom and original severity in the CLI

Custom and original severity in Project Page UI

Custom and original severity in Open Fix PR UI

Custom and original severity in Reports

PreviousSecurity policy actions NextLicense policies

Last updated 10 months ago