Manage general policies | Fluid Attacks Help

Manage general policies

Manage your organization's general policies

Role required: User Manager
Fluid Attacks' platform allows you to define your policies regarding how your organization handles vulnerability acceptance, manages user access, and prioritizes remediation efforts. 

To view these general policies, access the Policies section from the collapsible menu.

[Image: Access organization policies on the Fluid Attacks platform]

The Policies section is divided into three parts. The first part lets you define eight policies covering the temporary acceptance of vulnerabilities, breaking the build, and platform usage. You can learn about the other two parts in Accept vulnerabilities and Manage fix prioritization policies.

[Image: Manage organization policies on the Fluid Attacks platform]

Maximum number of calendar days a finding can be temporarily accepted

Indicates for how many days a vulnerability can be temporarily accepted. The platform allows at most 90 calendar days. This policy affects CI agent executions, because temporarily accepted vulnerabilities do not break the build. Set it cautiously to avoid leaving vulnerabilities unaddressed for extended periods and exposing your applications to risk.

Maximum number of times a finding can be accepted

Indicates the maximum number of times a vulnerability can be temporarily accepted. Once this limit is reached, the vulnerability cannot be temporarily accepted again, even if it goes through other treatments or is present again after having been remediated once.

Grace period where newly reported vulnerabilities will not break the build

Indicates the number of days during which newly discovered vulnerabilities do not cause the CI agent to break the build. Exercise caution when setting this value to minimize the risk of unaddressed vulnerabilities impacting your applications.

Minimum CVSS score allowed for temporary acceptance

Indicates the minimum Common Vulnerability Scoring System (CVSS) score (0.0 to 10.0) required for a vulnerability to be temporarily accepted.

Maximum CVSS score allowed for temporary acceptance

Indicates the maximum CVSS score allowed for vulnerabilities to be temporarily accepted.

Minimum CVSS score of an open vulnerability to break the build

Indicates the minimum CVSS score required for an unmanaged vulnerability to break the build when using the CI agent in strict mode.

Number of days until vulnerabilities are considered technical debt and do not break the build

Indicates the number of days before a vulnerability is considered "technical debt" and stops breaking the build. That is, during those days a reported, unmanaged vulnerability breaks the build; after this period, it no longer does.

Number of days after which a member is removed due to inactivity

Indicates the allowed inactivity period (in days) before a member is automatically removed from the platform. The removed member loses all access and must request a new invitation to rejoin, which has to be issued by the organization's or group's User Manager.
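The eight policies above interact: a finding only breaks the build once it is past the grace period, before it becomes technical debt, above the strict-mode CVSS threshold, and not temporarily accepted, while temporary acceptance itself is bounded by the CVSS range, the day limit and the acceptance count. The following Python model, added here to illustrate that interaction, is not Fluid Attacks' code; the class and field names, the defaults, the order of the checks and the sample finding are assumptions drawn only from the policy descriptions on this page. It also adds a small check that a defender would want when reviewing policy values: a grace period equal to or longer than the technical-debt period leaves no window in which the CI agent can ever break the build.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple


@dataclass
class Policies:
    """The eight general policies; field names and defaults are assumptions."""
    max_acceptance_days: int = 90          # platform caps this at 90 calendar days
    max_acceptance_times: int = 1
    grace_period_days: int = 0             # new findings do not break the build this long
    min_cvss_for_acceptance: float = 0.0
    max_cvss_for_acceptance: float = 10.0
    min_cvss_to_break_build: float = 0.0   # strict-mode threshold for breaking the build
    technical_debt_days: int = 365         # past this age, open findings are "technical debt"
    inactivity_days: int = 90

    def __post_init__(self) -> None:
        if not 0 <= self.max_acceptance_days <= 90:
            raise ValueError("temporary acceptance is limited to at most 90 calendar days")
        if self.min_cvss_for_acceptance > self.max_cvss_for_acceptance:
            raise ValueError("minimum acceptance CVSS exceeds the maximum")


@dataclass
class Vulnerability:
    cvss: float
    reported_on: date
    times_accepted: int = 0
    accepted_until: Optional[date] = None   # set while temporarily accepted


def build_break_window(p: Policies) -> Optional[Tuple[int, int]]:
    """Age range (days since report, inclusive) in which an unmanaged finding can
    break the build: after the grace period and before it becomes technical debt.
    None means the grace period swallows the whole window, so the CI agent would
    never break the build; worth flagging when reviewing policy values."""
    if p.grace_period_days >= p.technical_debt_days:
        return None
    return p.grace_period_days, p.technical_debt_days - 1


def can_temporarily_accept(v: Vulnerability, p: Policies, days: int) -> Tuple[bool, str]:
    """Check a request to temporarily accept `v` for `days` calendar days."""
    if v.times_accepted >= p.max_acceptance_times:
        return False, "maximum number of temporary acceptances already reached"
    if days > p.max_acceptance_days:
        return False, f"{days} days exceeds the policy maximum of {p.max_acceptance_days}"
    if not p.min_cvss_for_acceptance <= v.cvss <= p.max_cvss_for_acceptance:
        return False, f"CVSS {v.cvss} is outside the range allowed for acceptance"
    return True, "ok"


def breaks_build(v: Vulnerability, p: Policies, today: date) -> bool:
    """Would the CI agent in strict mode break the build for this open finding today?"""
    if v.accepted_until is not None and today <= v.accepted_until:
        return False   # temporarily accepted findings do not break the build
    age = (today - v.reported_on).days
    if age < p.grace_period_days:
        return False   # still within the grace period for newly reported findings
    if age >= p.technical_debt_days:
        return False   # now considered technical debt
    return v.cvss >= p.min_cvss_to_break_build


def member_due_for_removal(last_activity: date, p: Policies, today: date) -> bool:
    """Inactivity policy: a member is removed once idle for more than the allowed days."""
    return (today - last_activity).days > p.inactivity_days


def demo() -> dict:
    """Walk one constructed finding through the policies; all values are made up."""
    p = Policies(max_acceptance_days=30, max_acceptance_times=1, grace_period_days=7,
                 min_cvss_for_acceptance=0.0, max_cvss_for_acceptance=6.9,
                 min_cvss_to_break_build=7.0, technical_debt_days=60, inactivity_days=90)
    reported = date(2024, 3, 1)
    high = Vulnerability(cvss=8.1, reported_on=reported)      # constructed sample
    medium = Vulnerability(cvss=5.3, reported_on=reported)    # constructed sample
    accepted = Vulnerability(cvss=8.1, reported_on=reported, times_accepted=1,
                             accepted_until=reported + timedelta(days=30))
    return {
        "window": build_break_window(p),
        "high_in_grace": breaks_build(high, p, reported + timedelta(days=3)),
        "high_after_grace": breaks_build(high, p, reported + timedelta(days=7)),
        "high_as_debt": breaks_build(high, p, reported + timedelta(days=60)),
        "medium_below_threshold": breaks_build(medium, p, reported + timedelta(days=20)),
        "medium_acceptable": can_temporarily_accept(medium, p, 30)[0],
        "high_acceptable": can_temporarily_accept(high, p, 30)[0],
        "too_long": can_temporarily_accept(medium, p, 45)[0],
        "accepted_silenced": breaks_build(accepted, p, reported + timedelta(days=20)),
        "accepted_again": can_temporarily_accept(accepted, p, 10)[0],
        "member_removed": member_due_for_removal(date(2024, 1, 1), p, date(2024, 4, 15)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the module prints each check for the sample finding. The `build_break_window` helper is the piece to keep when auditing a policy change: if it returns None, the grace period and technical-debt values together disable build breaking entirely, regardless of the CVSS threshold.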

Manage your general policies at a group level

Role required: User Manager
Groups inherit the general policies of the organization they belong to. However, you can customize these policies at the group level. To view the current policies for a group, go to its Scope section and scroll down to Policies.

[Image: Manage group policies on the Fluid Attacks platform]

To change a policy, modify its value and click the Save button.

[Image: Change group policies on the Fluid Attacks platform]

Upon saving, you get an email notification announcing the policy change.
