Automations: Do not fail on found CVE lacking a fix
Here is how to set up an automation rule that ensures the pipeline fails only if a CVE at or above a certain severity level is found AND a fix for it exists.
Set up a rule: "If CVSS is at least High then flag as vulnerable".
From the Repositories view, click a specific repository and then filter it by review status "= Vulnerable".
Check each vulnerability for any available fix. If not, select “Pause until a fix is available” under “Pause rule triggering” in the Action section.
In the opening dialog, choose an appropriate max pause time in the drop-down.
Click Save to confirm your selection and pause automation rules for the vulnerability.
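As an added example (not part of the original page or the product's own code), the same gating policy expressed as a small CI script: findings at or above a CVSS severity threshold fail the build only when a fix is available, and unfixed ones stay paused until a fix appears or a maximum pause time elapses. The finding field names, the CVSS band mapping and the sample findings are assumptions made for this example.

```python
from datetime import datetime, timedelta

# CVSS v3.x qualitative severity bands (constructed helper, not product code)
SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating."""
    if score == 0.0:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"

def evaluate(findings, threshold="high", now=None, max_pause_days=30):
    """Return (should_fail, failing_ids, paused_ids). Each finding has id, cvss,
    fixed_version (None when no fix is known) and optionally paused_at (ISO date).
    At-or-above-threshold findings fail only when a fix exists; others stay paused
    until a fix appears or the pause exceeds max_pause_days."""
    now = datetime.fromisoformat(now) if now else datetime.now()
    min_rank = SEVERITY_RANK[threshold]
    failing, paused = [], []
    for f in findings:
        if SEVERITY_RANK[cvss_severity(f["cvss"])] < min_rank:
            continue  # below the severity threshold: never flagged
        if f.get("fixed_version"):
            failing.append(f["id"])  # fix available: this must fail the pipeline
            continue
        paused_at = f.get("paused_at")
        if paused_at and now - datetime.fromisoformat(paused_at) > timedelta(days=max_pause_days):
            failing.append(f["id"])  # max pause time elapsed with no fix: surface it again
        else:
            paused.append(f["id"])
    return bool(failing), failing, paused

# Constructed sample findings (placeholder IDs, not real CVEs)
SAMPLE = [
    {"id": "CVE-EXAMPLE-0001", "cvss": 9.8, "fixed_version": "1.2.4"},
    {"id": "CVE-EXAMPLE-0002", "cvss": 7.5, "fixed_version": None, "paused_at": "2024-01-01"},
    {"id": "CVE-EXAMPLE-0003", "cvss": 7.2, "fixed_version": None, "paused_at": "2024-01-20"},
    {"id": "CVE-EXAMPLE-0004", "cvss": 5.3, "fixed_version": "2.0.0"},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, now="2024-02-10"))
```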