# Findings
Findings are individual security vulnerabilities discovered by scanners and ingested into servasec.
## Lifecycle
A finding follows this status lifecycle:
- Open - newly ingested, awaiting review
- Confirmed - triaged and acknowledged as a real issue
- Fixed - remediation applied, pending verification
- Closed - verified as resolved
- Dismissed - determined to be a false positive or acceptable risk
## Finding detail
Each finding page includes:
- Severity - Critical, High, Medium, Low, or Info
- Scanner - source scanner (Semgrep, Trivy, etc.)
- Location - file path and line number
- Description - detailed explanation of the vulnerability
- Remediation - suggested fix
- References - links to relevant documentation or CVEs
- Comments - threaded discussion per finding
- Assignee - responsible team member
- Timeline - status change history
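The lifecycle and the finding fields above map naturally onto a small state machine. The following is an added example, not servasec's own code: it models a finding with the listed fields, enforces the status lifecycle, and records every status change in the timeline. The page lists the five statuses but not which transitions are legal, so the transition graph (Fixed may fall back to Confirmed when verification fails; Closed and Dismissed are terminal) is an assumption, and the sample finding, users, and location are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
from typing import Dict, List, Optional, Set


class Status(str, Enum):
    """The five statuses listed on the page."""
    OPEN = "Open"
    CONFIRMED = "Confirmed"
    FIXED = "Fixed"
    CLOSED = "Closed"
    DISMISSED = "Dismissed"


# ASSUMED transition graph: the page lists the statuses but not the legal moves.
# Fixed -> Confirmed covers a failed verification; Closed and Dismissed are terminal.
ALLOWED: Dict[Status, Set[Status]] = {
    Status.OPEN: {Status.CONFIRMED, Status.DISMISSED},
    Status.CONFIRMED: {Status.FIXED, Status.DISMISSED},
    Status.FIXED: {Status.CLOSED, Status.CONFIRMED},
    Status.CLOSED: set(),
    Status.DISMISSED: set(),
}

SEVERITIES = ("Critical", "High", "Medium", "Low", "Info")


def _now() -> datetime:
    return datetime.now(timezone.utc)


def is_allowed(current: Status, new: Status) -> bool:
    """True if the lifecycle permits moving from `current` to `new`."""
    return new in ALLOWED[current]


@dataclass
class TimelineEntry:
    at: datetime
    actor: str
    old: Optional[Status]   # None for the ingestion entry
    new: Status
    note: str = ""


@dataclass
class Finding:
    scanner: str
    severity: str
    location: str
    description: str
    remediation: str = ""
    references: List[str] = field(default_factory=list)
    assignee: Optional[str] = None
    comments: List[Dict[str, object]] = field(default_factory=list)
    status: Status = Status.OPEN
    timeline: List[TimelineEntry] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.severity not in SEVERITIES:
            raise ValueError(f"unknown severity {self.severity!r}")
        # Ingestion by the scanner is the first timeline entry.
        self.timeline.append(TimelineEntry(_now(), self.scanner, None, self.status, "ingested"))

    def transition(self, new: Status, actor: str, note: str = "") -> None:
        """Apply a status change, refusing moves the lifecycle does not allow."""
        if not is_allowed(self.status, new):
            raise ValueError(f"illegal transition {self.status.value} -> {new.value}")
        self.timeline.append(TimelineEntry(_now(), actor, self.status, new, note))
        self.status = new

    def assign(self, user: str) -> None:
        self.assignee = user

    def comment(self, author: str, text: str, reply_to: Optional[int] = None) -> int:
        """Append a comment; `reply_to` threads it under an earlier comment's index."""
        if reply_to is not None and not 0 <= reply_to < len(self.comments):
            raise IndexError("reply_to points at a comment that does not exist")
        self.comments.append({"author": author, "text": text, "reply_to": reply_to})
        return len(self.comments) - 1


def demo() -> Finding:
    """Walk one constructed finding through Open -> Confirmed -> Fixed -> Closed."""
    f = Finding(
        scanner="Semgrep",
        severity="High",
        location="app/db.py:42",   # constructed sample location
        description="SQL query built with string formatting",
        remediation="Use parameterised queries",
        references=["https://owasp.org/www-community/attacks/SQL_Injection"],
    )
    f.assign("alice")                       # constructed user names
    root = f.comment("alice", "Reproduced on staging; confirming.")
    f.comment("bob", "Fix is up for review.", reply_to=root)
    f.transition(Status.CONFIRMED, "alice", "reproduced")
    f.transition(Status.FIXED, "bob", "parameterised the query")
    f.transition(Status.CLOSED, "alice", "verified by rescan")
    return f
```

Keeping the allowed-transition table explicit is the point: a finding cannot jump straight from Open to Closed without passing review, and every change carries the actor and a note, which is what the Timeline field on the finding page is for.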
## Assigning findings
Users can be assigned to findings for accountability:
## Review and comments
Each finding supports a review workflow with threaded comments: