Accept vulnerabilities | Fluid Attacks Help

Accept vulnerabilities

Attention users: Our platform is getting a fresh new look! Soon, you'll enjoy an updated interface designed to enhance your experience. Stay tuned for the unveiling, and get ready to explore the improved Fluid Attacks platform!
Due to the above, some of the content of this article may undergo modifications.

Accept vulnerabilities permanently

In the second table of the Policies section, you will find a list of the types of vulnerabilities that your team has suggested for permanent acceptance. In front of each vulnerability type name, you will see whether that acceptance was approved, rejected or is pending. All those vulnerability types listed there as accepted will be ignored by Fluid Attacks' DevSecOps agent in its task of breaking the build. Therefore, you assume the risk that comes with their being allowed into production.

List Types Vulnerabilities

Submit a vulnerability type to accept

Role requirement info
Role required: User or User Manager
To add a vulnerability type, you have to type its name in the bar, and if you want, you can add tags. After that, you can click on the plus symbol.

Adding a Types Vulnerabilities

After this the vulnerability type will appear in the table and its Status will be Submitted. Remember that any team member can make the approval request. On the other hand, you can approve or reject only if you are a User Manager.

Approve and reject acceptance requests

Role requirement infoRole required: User Manager
You can accept a type of vulnerability by clicking the check mark button, which will change its status from Submitted to Approved. Conversely, by clicking the cross-mark button, the status will change to Rejected.

Actions approve or reject

Disable and resubmit acceptance policy

Role requirement info
Role required: User Manager
You can also disable the acceptance policy for a type of vulnerability by clicking the prohibition sign.

Disable Acceptance For A Vulnerability

A pop-up window will appear asking for confirmation. By clicking on Confirm, this vulnerability’s status will automatically change to Inactive.

Disable Acceptance For A Vulnerability

There’s another button that has a right arrow symbol. This button is available when the status of the type of vulnerability is inactive.

Re-submit action

Clicking it will change the status to Submitted, and you can further decide whether or not the vulnerability will be accepted.

Button In Inactive Vulnerability

Add tags to classify vulnerabilities for acceptance

Role requirement infoRole required: User or User Manager
You can add one or more tags under which you would like to classify the type of vulnerability. After clicking the add button, the tag(s) you chose will be applied automatically to all the vulnerabilities of that type.

Accept vulnerabilities temporarily

Role requirement info
Role requirements for submitting, approving, rejecting, disabling and resubmitting types are the same as for permanent acceptance of vulnerabilities. See details above.
In this section, you can add all vulnerability types reported in an organization or individually select those that you want to apply the Temporarily Accepted treatment, having an approval process before applying such treatment. When specific rules are not defined in this policy (default behavior), requests for temporary approvals are automatically approved without requiring additional validations.

Below, we will explain how to apply this approval system.

As mentioned above, you can apply to all vulnerabilities reported in the organization by clicking on the Vulnerability type field in the All Vulnerability Types option.

All vulnerabilities

Note about temporary acceptanceNote: Setting this option will apply the approval request to all reported types.
If you prefer to apply this setting individually, select the type for which you would like to request temporary treatment approval.

Individually type

Tag reminderRemember that you can add tags.
Now, when you have selected the type, you can click on the plus symbol. The request for approval of this type will be sent, and it will be in a Submitted status. Only a person with the User Manager role can approve or reject the request.

Submitted status

Once approved, the Status value will change to Approved. After that, when applying the Temporarily Accepted treatment, approval will be required prior to application.