Policies is further divided into three sections. The first section allows you to define eight policies about the temporary acceptance of vulnerabilities, breaking the build, and platform usage. You can learn about the other two sections in Accept vulnerabilities and Manage fix prioritization policies.
Indicates for how many days a vulnerability can be temporarily accepted. The platform allows at most 90 calendar days. This policy affects the executions of the CI agent, as temporarily accepted vulnerabilities do not break the build. Set this value cautiously: a long acceptance period leaves vulnerabilities unaddressed for extended periods, which puts your applications at risk.
Indicates the maximum number of times a vulnerability can be temporarily accepted. Once this limit is reached, the vulnerability cannot be temporarily accepted again, even if it goes through other treatments or is present again after having been remediated once.
Indicates the number of days during which newly discovered vulnerabilities do not trigger the CI agent to break the build. Exercise caution when setting this value to minimize the risk of unaddressed vulnerabilities impacting your applications.
Indicates the minimum Common Vulnerability Scoring System (CVSS) score (0.0 to 10.0) required for a vulnerability to be temporarily accepted.
Indicates the minimum CVSS score required for an unmanaged vulnerability to break the build when using the CI agent in strict mode.
Indicates the grace period (in days) before a vulnerability is considered "technical debt" and does not break the build. That is, during that number of days, a reported and unmanaged vulnerability breaks the build. After this period, the vulnerability does not break the build.
Indicates the allowed inactivity period (in days) before a member is automatically removed from the platform. The removed member loses all access and must request a new invitation to rejoin. That invitation has to be issued by the organization or group User Manager.
To change a policy, modify its value and click the Save button.
Upon saving, you get an email notification announcing the policy change.