Snooze or pause a review status
Learn how to snooze or pause a vulnerability you’ve been notified about.
© 2018-2024 | Open Text
You can flag a vulnerability as snoozed for a set amount of time. While it is snoozed, that vulnerability does not trigger any automation rules for the specific repository. After the chosen snooze duration expires, your automation rules again take the previously snoozed vulnerability into account, and the respective actions are triggered again. Be aware: This could result in unnoticed security issues because the vulnerability will not show up in your existing automations. Therefore, use this feature only if you need to and are aware of the consequences.
To snooze a vulnerability:
1. Go to the vulnerability page.
2. Click Pause rule triggering in the Action section.
3. Select Snooze for a set time period in the newly opened dialog and select your desired snooze period in the shown dropdown.
4. Click Save to confirm your selection and snooze the automation rules for the vulnerability.
The active snooze is shown as the review status under Action. Snoozing the vulnerability is also reflected in the Activity section at the bottom of the page.
Note: Setting the vulnerability to snoozed is only available on a per-repository basis. If you want to snooze the same vulnerability for another repository, you’ll have to repeat the same steps for that one.
By default, any user can choose "snoozed" as a review status. As an admin, you can disable this feature for all users in your company.
You can manually stop snoozing a vulnerability at any time before it resumes automatically:
1. Go to the vulnerability you want to resume.
2. Click Snoozed for (time) and confirm that you want to stop snoozing the vulnerability in the displayed dialog. Be aware that this will enable automation rules to be triggered for this vulnerability again.
You can flag a vulnerability as paused in a specific repository. The vulnerability will stay paused until we find a fix that, if applied, resolves the vulnerability in your repository. In that case, the paused status is removed automatically and the vulnerability returns to being unexamined.
Keep in mind that the pause could potentially be indefinite if a fix is never found. For that reason, you must choose a maximum pause time when setting this review status. If the pause duration expires before we are able to find a fix, your automation rules will resume taking the vulnerability into account, similarly to how snoozing a vulnerability works.
To pause a vulnerability until a fix is available, go to the repository and the vulnerability you want to pause. Next, choose “Pause rule triggering” in the Action section. Select “Pause until a fix is available” in the dialog that opens and choose an appropriate max pause time in the dropdown. Click “Save” to confirm your selection and pause automation rules for the vulnerability.
The active pause is shown as the review status under Action. Pausing the vulnerability is also reflected in the Activity section at the bottom of the page.
Keep in mind that setting the vulnerability to paused until a fix is available does so only for the specific repository. If you want to pause the same vulnerability for another repository, you’ll have to repeat the same steps for that one.
You can manually stop pausing a vulnerability at any time before a fix is found or the max pause time has expired. To do so, go to the vulnerability you want to resume, click “Paused until fix” and confirm that you want to stop pausing the vulnerability in the displayed dialog. Be aware that this will enable automation rules to be triggered for this vulnerability again.
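The snooze and pause behaviour described on this page, modelled as an added Python example (not the product's code or API). All class, field and function names are assumptions, the sample data is constructed, and treating a status as expired at the exact moment its duration ends is also an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

DAY = timedelta(days=1)

# Hypothetical model of the two review statuses; names are assumptions.
@dataclass(frozen=True)
class Suppression:
    repo: str                # statuses are set per repository
    vuln_id: str
    kind: str                # "snoozed" or "paused_until_fix"
    started: datetime
    max_duration: timedelta  # snooze period, or max pause time

    @property
    def expires(self) -> datetime:
        return self.started + self.max_duration

def rules_trigger(s: Optional[Suppression], repo: str, vuln_id: str,
                  now: datetime, fix_found_at: Optional[datetime] = None) -> bool:
    """Return True if automation rules take the vulnerability into account."""
    # No status, or a status set for another repository or vulnerability.
    if s is None or (s.repo, s.vuln_id) != (repo, vuln_id):
        return True
    # Both statuses end when the chosen duration expires.
    if now >= s.expires:
        return True
    # A pause is also lifted as soon as a fix is found.
    if s.kind == "paused_until_fix" and fix_found_at is not None and fix_found_at <= now:
        return True
    return False

def expiring_soon(items, now, window):
    """Statuses ending within `window`, for review before rules fire again."""
    return [s for s in items if now < s.expires <= now + window]

# Constructed sample data with placeholder identifiers.
T0 = datetime(2024, 1, 1)
SNOOZE = Suppression("repo-a", "VULN-PLACEHOLDER-1", "snoozed", T0, 30 * DAY)
PAUSE = Suppression("repo-a", "VULN-PLACEHOLDER-2", "paused_until_fix", T0, 90 * DAY)
```

Listing statuses that are about to end, as `expiring_soon` does, gives reviewers a chance to re-assess a vulnerability before its automation rules start acting on it again.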