Automations: Do not fail on found CVE lacking a fix

Here is how to set up an automation rule so that the pipeline fails only when a CVE of at least a certain severity is found AND a fix for it is available; vulnerabilities that have no fix yet are flagged but do not fail the pipeline.

  1. Set up a rule: "If CVSS is at least High then flag as vulnerable".

  2. From the Repositories view, click a specific repository and then filter it by review status "= Vulnerable".

  3. Check each vulnerability for an available fix. If no fix is available, select "Pause until a fix is available" under "Pause rule triggering" in the Action section.

  4. In the opening dialog, choose an appropriate max pause time in the drop-down.

  5. Click Save to confirm your selection and pause automation rules for the vulnerability.
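As an added example (not part of this product's documentation or its rule engine), the following Python script applies the same policy in a CI step over a constructed scanner report: a finding at or above High fails the job only when a fixed version exists, and findings without a fix are paused until a maximum pause window expires (90 days here, an assumed value standing in for the drop-down choice in step 4). The report field names and the CVE identifiers are constructed placeholders, not a real tool's schema.

```python
from datetime import date, timedelta

# Qualitative CVSS ratings in ascending order (assumed mapping for "at least High").
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample scanner output; field names and CVE ids are placeholders.
SAMPLE_REPORT = {
    "vulnerabilities": [
        {"id": "CVE-0000-0001", "severity": "CRITICAL", "fixed_version": "1.2.4", "first_seen": "2024-05-01"},
        {"id": "CVE-0000-0002", "severity": "HIGH", "fixed_version": None, "first_seen": "2024-05-01"},
        {"id": "CVE-0000-0003", "severity": "HIGH", "fixed_version": None, "first_seen": "2024-01-01"},
        {"id": "CVE-0000-0004", "severity": "MEDIUM", "fixed_version": "2.0.1", "first_seen": "2024-05-01"},
    ]
}


def evaluate(findings, today, min_severity="HIGH", max_pause_days=90):
    """Split findings into those that fail the build and those that are paused.

    A finding blocks when it is at or above min_severity AND either a fix exists
    or it has waited for a fix longer than max_pause_days (the pause expired).
    Findings at or above min_severity with no fix and still inside the pause
    window are reported but do not fail the pipeline. Lower-rated or unrated
    findings are not flagged by this rule.
    """
    threshold = SEVERITY_RANK[min_severity.upper()]
    blocking, paused = [], []
    for f in findings:
        rank = SEVERITY_RANK.get(str(f.get("severity", "")).upper())
        if rank is None or rank < threshold:
            continue
        age = today - date.fromisoformat(f["first_seen"])
        if f.get("fixed_version") or age > timedelta(days=max_pause_days):
            blocking.append(f["id"])
        else:
            paused.append(f["id"])
    return blocking, paused


def gate(report, today):
    """Exit status for a CI step: 1 fails the pipeline, 0 lets it pass."""
    blocking, paused = evaluate(report["vulnerabilities"], today)
    for cve in paused:
        print(f"WARN {cve}: no fix available yet, pause in effect")
    for cve in blocking:
        print(f"FAIL {cve}: fix available or pause window expired")
    return 1 if blocking else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT, date(2024, 5, 15)))
```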
