Require vulnerability approval
You can require administrative approval when closing vulnerabilities that Contrast Assess and Contrast Scan report.
Note
While in a Pending state, the vulnerability's previous status still applies for the purpose of organizational reports and statistics.
Before you begin
If you are using role-based access control, you need a role with the Manage vulnerability action.
If you are using organization users and groups, you need an Organization Administrator role to require administrative approval when closing vulnerabilities. You need an OrganizationRulesAdmin role to approve or deny vulnerability closures.
Steps
In the user menu, select Policy management > Vulnerability management > Vulnerability behavior.
Select the box next to Require administrator approval when closing vulnerabilities.
Choose the statuses and severities of vulnerabilities that should automatically go into a Pending state when a user moves to close them.
When a user requests to close any qualifying vulnerabilities, Contrast sends an in-app notification to all Organization Administrators saying that a review is needed.
Each vulnerability remains in the Pending status until an Organization Administrator submits a review of the closure. A closure qualifies for administrative approval only when both the requested status and the vulnerability's severity are among those selected in the policy, so you must select at least one status and one severity.
If a reviewer denies the closure of a vulnerability, they must provide a reason for denial. Once confirmed, the reviewer's feedback appears in the vulnerability's Activity tab.
If you disable the feature, any pending closures are automatically approved.
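The following Python model is an added illustration of the approval workflow these steps configure; it is not Contrast's code or its REST API. Status and severity names (Reported, Confirmed, Not a Problem, Fixed, Critical, High, Low) and all class and function names are assumptions chosen for the example. It shows the behaviours the page describes: a closure goes to Pending only when both its target status and the vulnerability's severity are selected, the previous status still counts for reporting while Pending, a denial requires a reason that lands in the activity log, and disabling the feature auto-approves anything still pending.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

PENDING = "Pending"


@dataclass
class ApprovalPolicy:
    """Policy configured under Vulnerability behavior (hypothetical model)."""
    enabled: bool = False
    statuses: Set[str] = field(default_factory=set)    # closing statuses needing review
    severities: Set[str] = field(default_factory=set)  # severities needing review

    def requires_review(self, new_status: str, severity: str) -> bool:
        # Both a status and a severity must be selected for any closure to qualify,
        # and the requested closure must match one of each.
        if not (self.enabled and self.statuses and self.severities):
            return False
        return new_status in self.statuses and severity in self.severities


@dataclass
class Vulnerability:
    vid: str
    severity: str
    status: str = "Reported"                 # assumed open status name
    previous_status: Optional[str] = None    # kept while Pending for reporting
    requested_status: Optional[str] = None   # closing status awaiting review
    activity: List[str] = field(default_factory=list)

    def reporting_status(self) -> str:
        # While Pending, organizational reports still use the previous status.
        return self.previous_status if self.status == PENDING else self.status


class ClosureWorkflow:
    """Moves vulnerabilities through request -> Pending -> approve/deny."""

    def __init__(self, policy: ApprovalPolicy) -> None:
        self.policy = policy
        self.admin_notifications: List[str] = []  # in-app notices to Org Admins

    def request_close(self, vuln: Vulnerability, new_status: str, user: str) -> str:
        if self.policy.requires_review(new_status, vuln.severity):
            vuln.previous_status = vuln.status
            vuln.requested_status = new_status
            vuln.status = PENDING
            self.admin_notifications.append(
                f"Review needed: {user} requested {vuln.vid} -> {new_status}")
        else:
            vuln.status = new_status  # no review required; close immediately
        return vuln.status

    def review(self, vuln: Vulnerability, reviewer: str, approve: bool,
               reason: Optional[str] = None) -> str:
        if vuln.status != PENDING:
            raise ValueError(f"{vuln.vid} has no pending closure to review")
        if approve:
            vuln.status = vuln.requested_status
            vuln.activity.append(f"{reviewer} approved closure as {vuln.status}")
        else:
            if not reason:
                raise ValueError("a reason is required when denying a closure")
            vuln.status = vuln.previous_status  # revert to what it was before
            vuln.activity.append(f"{reviewer} denied closure: {reason}")
        vuln.previous_status = vuln.requested_status = None
        return vuln.status

    def disable_feature(self, vulns: List[Vulnerability]) -> int:
        """Turn the requirement off; pending closures are auto-approved."""
        self.policy.enabled = False
        approved = 0
        for v in vulns:
            if v.status == PENDING:
                v.status = v.requested_status
                v.previous_status = v.requested_status = None
                v.activity.append("closure auto-approved: approval requirement disabled")
                approved += 1
        return approved


def run_demo() -> dict:
    # Constructed scenario: review required for Critical/High closed as Not a Problem.
    policy = ApprovalPolicy(enabled=True, statuses={"Not a Problem"},
                            severities={"Critical", "High"})
    wf = ClosureWorkflow(policy)
    crit = Vulnerability("V-1", "Critical")
    low = Vulnerability("V-2", "Low")
    wf.request_close(crit, "Not a Problem", "dev@example")  # goes Pending
    wf.request_close(low, "Not a Problem", "dev@example")   # closes immediately
    report_view = crit.reporting_status()                   # still "Reported"
    wf.review(crit, "admin@example", approve=False, reason="still reachable")
    return {"crit": crit.status, "low": low.status, "report_view": report_view,
            "notices": len(wf.admin_notifications)}


if __name__ == "__main__":
    print(run_demo())
```

Nothing here authenticates to Contrast; it exists only to make the policy semantics concrete. The one check practitioners most often miss is in `requires_review`: a policy with statuses selected but no severities (or the reverse) never sends anything to Pending.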