
Review pending vulnerability status changes

If an Organization Administrator has required approval for a particular vulnerability, the status won't change until it is approved. This can apply to manual vulnerability status changes, two-way bugtracker integrations, and auto-verification policies.

You must be an Organization RulesAdmin with RulesAdmin permissions for the target application in order to approve or deny vulnerability closures.

To do this:

  1. Select the link in your notification in the Contrast application, or select Vulnerabilities in the header, then select the filter at the top of the grid to view all pending reviews.

  2. Use the check marks in the left column to select one or more vulnerabilities. In the batch action menu that appears at the bottom of the page, select Review. Then select Approve or Deny. You can also select Review in the top right from a vulnerability overview page.

  3. If you deny the status change, you must provide a reason. Denied vulnerabilities revert to their previous status. Approved vulnerabilities take the new status and are no longer marked Pending. Either way, the results of the review are displayed in the vulnerability's Activity tab.