Snooze or pause a review status

Learn how to snooze or pause a vulnerability you’ve been notified about.

You can flag a vulnerability as snoozed for a set amount of time. While it is snoozed, the vulnerability will not trigger any automation rules for that specific repository. After the chosen snooze duration expires, your automation rules take the previously snoozed vulnerability into account again and the respective actions are triggered again. Be aware: this could result in unnoticed security issues, because the vulnerability will not show up in your existing automations. Use this feature only if you need to and are aware of the consequences.

Snooze a vulnerability for a set amount of time

To snooze a vulnerability:

  1. Go to the vulnerability page.

  2. Click Pause rule triggering in the Action section.

  3. Select Snooze for a set time period in the dialog that opens, then select your desired snooze period in the dropdown.

  4. Click Save to confirm your selection and snooze the automation rules for the vulnerability.

The active snooze is shown as the review status under Action. Snoozing the vulnerability is also reflected in the Activity section at the bottom of the page.

Note: Setting the vulnerability to snoozed is only available on a per-repository basis. If you want to snooze the same vulnerability for another repository, you’ll have to repeat the same steps for that one.

By default, any user can choose "snoozed" as a review status. As an admin, you can disable this feature for all users in your company.

Manually remove a snooze from a vulnerability

You can manually stop snoozing a vulnerability at any time before it resumes automatically:

  1. Go to the vulnerability you want to resume

  2. Click Snoozed for (time) and confirm that you want to stop snoozing the vulnerability in the displayed dialog. Be aware that this will enable automation rules to be triggered for this vulnerability again.

Pause the review status

You can flag a vulnerability as paused in a specific repository. The vulnerability will stay paused until we find a fix that, if applied, resolves the vulnerability in your repository. In that case, the paused status is removed automatically and the vulnerability returns to being unexamined.

Keep in mind that the pause could be indefinite if a fix is never found. For that reason, you must choose a maximum pause time when setting this review status. If the pause duration expires before we are able to find a fix, your automation rules will resume taking the vulnerability into account, similarly to how snoozing a vulnerability works.

Pause a vulnerability until a fix is available

To pause a vulnerability until a fix is available, go to the desired repository and the vulnerability you want to pause. Next, choose “Pause rule triggering” in the Action section. Select “Pause until a fix is available” in the dialog that opens and choose an appropriate max pause time in the dropdown. Click “Save” to confirm your selection and pause automation rules for the vulnerability.

The active pause is shown as the review status under Action. Pausing the vulnerability is also reflected in the Activity section at the bottom of the page.

Keep in mind that setting the vulnerability to paused until a fix is available does so only for the specific repository. If you want to pause the same vulnerability for another repository, you’ll have to repeat the same steps for that one.

Manually remove a pause until a fix is available from a vulnerability

You can manually stop pausing a vulnerability at any time before a fix is found or the max pause time has expired. To do so, go to the vulnerability you want to resume, click “Paused until fix” and confirm that you want to stop pausing the vulnerability in the displayed dialog. Be aware that this will enable automation rules to be triggered for this vulnerability again.
