Security policy results
A newly-assigned policy, or changes to a policy, apply when the Project is re-scanned. This is what Project collaborators see when an action is applied to a vulnerability:
| Action | What Project collaborators see |
| --- | --- |
| Change severity to… | The new severity, as well as the originally assigned severity |
| Ignore current and future instances | An ignored issue that looks like a manual ignore but is labeled as ignored by Security Policy |
Examples follow for an issue on a Project page that has been ignored by a security policy:

Issue ignored by security policy

Custom and original severity in the CLI

Custom and original severity in the Project Page UI

Custom and original severity in Open Fix PR UI

Custom and original severity in Reports