Snooze or pause a review status

Learn how to snooze or pause a vulnerability you’ve been notified about.

Last updated 2 months ago

Was this helpful?

Snooze or pause a review status

Learn how to snooze or pause a vulnerability you’ve been notified about.

You can flag a vulnerability as snoozed for a set amount of time. By doing so, the specific vulnerability will not be triggered in any automation rules for the specific repository. After the chosen snooze duration expires, your automation rules will again take the before snoozed vulnerability into account and respective actions will be triggered again.

This could result in unnoticed security issues because the vulnerability will not show up in your existing automations. Therefore, use this feature only if you need to and are aware of the consequences.

Snooze a vulnerability for a set amount of time

To snooze a vulnerability:

Go to the vulnerability page.
Click Pause rule triggering in the Action section.

Select Snooze for a set time period in the newly opened dialog and select your desired snooze period.

Click Save to confirm your selection and snooze the automation rules for the vulnerability.

You can see the activated snooze being shown as review status under Action. Snoozing the vulnerability is also reflected in the Activity section at the bottom of the page.

Note: Setting the vulnerability to "snoozed" is only available on a per-repository basis. If you want to snooze the same vulnerability for another repository, you should repeat the same steps for that one.

Though any user is able to choose "snoozed" as review status by default, as an admin, you can disable this feature for all users in your company.

Manually remove a snooze from a vulnerability

You can manually stop snoozing a vulnerability at any time before it resumes automatically:

Go to the vulnerability you want to resume.
Click Snoozed for (time) and confirm that you want to stop snoozing the vulnerability in the displayed dialog. Note that this will enable automation rules to be triggered for this vulnerability again.

Pause review status

You can flag a vulnerability as paused in a specific repository. The vulnerability will stay paused until a fix is found, if applied, resolves the vulnerability in your repository. In that case, the paused status will be removed automatically, and the vulnerability resumes to being unexamined.

Keep in mind that the pause could potentially be indefinite when a fix is never found. It is recommended to choose a maximum pause time when setting this review status. If the pause duration expires before the fix is found, your automation rules will resume taking the vulnerability into account. This is similarl to how snoozing a vulnerability works.

Pause a vulnerability until a fix is available

To pause a vulnerability until a fix is available:

Go to the desired repository and vulnerability to pause.
Select Pause rule triggering in the Action section.
Select Pause until a fix is available in the opening dialog and choose an appropriate max pause time.
Click Save to confirm your selection and pause automation rules for the vulnerability.

You can see the activated pause being shown as review status under Action. Pausing the vulnerability is also reflected in the Activity section at the bottom of the page.

Note that setting the vulnerability to "paused until a fix" is available does so only for the specific repository. If you want to pause the same vulnerability for another repository, you will have to repeat the same steps for that one.

Manually remove a pause until a fix is available from a vulnerability

You can manually stop pausing a vulnerability at any time before a fix is found or the max pause time has expired.

To manually remove a pause:

Go to the vulnerability you want to resume.
Click Paused until fix and confirm that you want to stop pausing the vulnerability in the displayed dialog. Be aware that this will enable automation rules to be triggered for this vulnerability again.