Automations: Do not fail on found CVE lacking a fix
Here's how to set up an automation rule so that the pipeline fails only if a CVE of at least a given severity is found AND a fix for it is available.
Set up a rule: "If CVSS is at least High, then flag as vulnerable".
From the Repositories view, click on a specific repository and then filter it by review status = Vulnerable.
Go through each vulnerability one by one and check whether a fix version is available. If it is not, select "Pause until a fix is available" under "Pause rule triggering" in the Action section. Then, in the dialog that opens, choose an appropriate max pause time from the dropdown. Click Save to confirm your selection and pause the automation rule for that vulnerability.
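The same gating logic expressed in code, as an added example that is not part of the original page or the product's own implementation: it assumes a constructed scan report with placeholder ids, a hypothetical `pauses` map of finding id to pause expiry, and the CVSS v3 "High" threshold of 7.0, and shows that a pause only holds while the finding is unfixed and the max pause time has not elapsed.

```python
import json
from datetime import datetime

HIGH_THRESHOLD = 7.0  # CVSS v3.x "High" band starts at 7.0

# Constructed scan output for the demo; the ids are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps([
    {"id": "CVE-PLACEHOLDER-1", "package": "libfoo", "cvss": 9.8, "fixed_version": "1.2.4"},
    {"id": "CVE-PLACEHOLDER-2", "package": "libbar", "cvss": 7.5, "fixed_version": None},
    {"id": "CVE-PLACEHOLDER-3", "package": "libbaz", "cvss": 5.3, "fixed_version": None},
])

# Hypothetical record of pauses set in the UI: finding id -> expiry of the chosen max pause time.
SAMPLE_PAUSES = {"CVE-PLACEHOLDER-2": "2024-07-01T00:00:00+00:00"}


def evaluate(report_json, pauses, now_iso):
    """Apply the rule from the page: every finding at or above the threshold is
    flagged, unless it has no fix and a still-valid pause. Returns (blocking, paused)."""
    now = datetime.fromisoformat(now_iso)
    blocking, paused = [], []
    for finding in json.loads(report_json):
        if finding["cvss"] < HIGH_THRESHOLD:
            continue  # below the rule's severity threshold, so the rule ignores it
        expiry = pauses.get(finding["id"])
        unfixed = not finding.get("fixed_version")
        if unfixed and expiry and now < datetime.fromisoformat(expiry):
            paused.append(finding["id"])  # no fix yet and the pause is still in force
        else:
            blocking.append(finding["id"])  # fix exists, or the pause is missing/expired
    return blocking, paused


def pipeline_should_fail(report_json, pauses, now_iso):
    """True when at least one finding is still blocking after pauses are applied."""
    return bool(evaluate(report_json, pauses, now_iso)[0])


if __name__ == "__main__":
    for when in ("2024-06-01T00:00:00+00:00", "2024-08-01T00:00:00+00:00"):
        blocking, paused = evaluate(SAMPLE_REPORT, SAMPLE_PAUSES, when)
        print(when, "fail" if blocking else "pass", "blocking:", blocking, "paused:", paused)
```

Once the pause expires (second date in the demo), the unfixed finding blocks the pipeline again, which is why the max pause time should be revisited rather than set once and forgotten.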