Automations: Do not fail on found CVE lacking a fix

Here is how to set up an automation rule that ensures the pipeline fails only if a CVE is found of a certain level AND a fix for it exists.

Set up a rule: "If CVSS is at least High then flag as vulnerable".
From the Repositories view, click a specific repository and then filter it by review status "= Vulnerable".
Check each vulnerability for any available fix. If not, select “Pause until a fix is available” under “Pause rule triggering” in the Action section.
In the opening dialog, choose an appropriate max pause time in the drop-down.
Click Save to confirm your selection and pause automation rules for the vulnerability.

Last updated 21 days ago

Was this helpful?

Here is how to set up an automation rule that ensures the pipeline fails only if a CVE is found of a certain level AND a fix for it exists.

Set up a rule: "If CVSS is at least High then flag as vulnerable".
From the Repositories view, click a specific repository and then filter it by review status "= Vulnerable".
Check each vulnerability for any available fix. If not, select “Pause until a fix is available” under “Pause rule triggering” in the Action section.
In the opening dialog, choose an appropriate max pause time in the drop-down.
Click Save to confirm your selection and pause automation rules for the vulnerability.

Last updated 21 days ago

Was this helpful?