View and manage baseline issues
The Issues section at the Project level provides a consolidated view of all security issues affecting your baseline targets, listing the issues identified across scans in the selected Project. The Issues section is currently available only at the Project level. Support for the Organization and Account levels will be available soon. From the Issues section, you can:
- View all baseline issues
- Review issue details
- Identify impacted targets
- Inspect occurrences of issues
- Create Jira tickets at the Issues and Target levels
- Create issue exemption requests with Project and Target scope
- Approve or reject exemption requests
Note:
- The Issues section displays only the issues impacting your project's baselines. If your project has no targets or baselines configured, this page does not show any issues, even if scans have been executed against non-baseline targets.
- To see issues detected in a non-baseline variant, such as a feature or developer branch, go to a pipeline execution where the variant was scanned and then go to the Vulnerabilities tab.
Issues overview
Access the Issues section from the left navigation in the STO module. At the top of the page, you can view a summary of the Total Issues and Total Occurrences counts for your project's baseline issues. You can apply filters to narrow down the issues in your project. See Filters in Issues section for details.
The Issues page displays three summary cards that provide a quick overview of your security posture:
Issue Severity
Displays the distribution of issues by severity level (Critical, High, Medium, Low, Info). Each severity level shows the count of issues, allowing you to quickly assess the overall risk profile of your project. You can select a severity level to filter the issues list and view only issues with that severity.
Issue Types
Displays the breakdown of issues by scan type (SAST, DAST, SCA, IaC, Secret, Misconfig, Bug Smells, Code Smells, Code Coverage, External Policy, Unknown). You can select an issue type to filter the issues list and view only issues of that type.
Active and Remediated Issues
The chart displays the trend of active and remediated issues over time. Use the Time Range dropdown to adjust the view period (e.g., Last 30 days). The chart helps you track:
- Active: Issues that are currently open and need attention
- Remediated: Issues that have been resolved
The Active and Remediated Issues trend chart responds only to the Issue Types, Severity, Scanner, Status, and Exemption Status filters.
Issues list
The issues list displays all baseline issues with the following columns:
| Column | Description |
|---|---|
| Severity | Issue severity level (Critical, High, Medium, Low, Info). |
| Issue Type | Scan type that detected the issue (SCA, SAST, DAST, etc.). |
| Title | CVE ID or issue identifier with a brief description. |
| Targets Impacted | Number of targets affected by this issue. |
| Occurrences | Total number of occurrences detected across all targets. |
| Last Detected | Timestamp of when the issue was last detected. |
| Tickets | Linked Jira tickets, if any. |
| Status | Current issue status (Active, Remediated, Exempted). |
Select any row in the table to open the Issue Details pane.
Issue details
Select an issue from the list in the Issues section to open the Issue Details pane. This pane shows detailed information about the issue and the affected targets.
From the Issue Details pane, you can:
- Create a Jira ticket: Create project-scoped and target-scoped Jira tickets directly from the Issues section.
- Request an exemption: Submit and respond to exemption requests from the Issues section.
- View impacted targets: View targets that are impacted by the selected issue.
- View occurrences of the issue: View occurrences of the issue for the selected target.
Exemption status
If an issue has an exemption status, the Exemption Status button appears at the top of the pane. Click the button to view exemption details or take actions (Approve, Reject, Re-open) based on your permissions. Learn more in Issue Exemption Workflow.
The Issues section displays the overall exemption status. The exemption status at scan time is shown only in the Vulnerabilities tab.
Target details
From the Issue Details pane, select a target to open the Target Details pane. This pane provides information about the specific target and details about each occurrence of the selected issue.
Occurrence details
In the Target Details pane, you can explore individual occurrences from the latest baseline scan of the selected target and issue. Click an occurrence to open the Occurrence Details pane, which includes specific details, remediation recommendations, and raw occurrence data.
Remediation suggestions for each occurrence are provided by the scanner itself. AI-based remediation powered by Harness AI is not available from the Issues section; it is only available from the Vulnerabilities tab.
Use the carousel navigation buttons (< and >) to move through occurrences related to the selected target.
Filters in Issues section
The Issues section offers various filters to help narrow down issues:
Issue Type
Filter issues by type. Multiple selections are allowed.
- SAST
- DAST
- SCA
- IaC
- Secret
- Misconfig
- Bug Smells
- Code Smells
- Code Coverage
- External Policy
Targets
Filter issues by target names. Multiple selections are allowed. The dropdown lists all targets scanned within the project.
Target Type
Filter issues by target type. Multiple selections are allowed.
- Repository
- Container
- Configuration
- Instance
Pipelines
Filter issues by pipeline names. Multiple selections are allowed. The dropdown lists all pipelines used in the project.
Scanner
Filter issues by scanner names. Multiple selections are allowed. The dropdown lists all scanners used in the project.
Severity
Filter issues by severity levels. Multiple selections are allowed.
- Critical
- High
- Medium
- Low
- Info
Status
Filter issues by status. Multiple selections are allowed.
- Active
- Remediated
- Exempted
Exemption Status
Filter issues by exemption status. Multiple selections are allowed.
- None
- Pending
- Partially Exempted
- Rejected
- Expired
Severity Overridden
Filter issues based on whether the severity has been manually overridden or not.
EPSS Percentile
Filter issues by EPSS percentile (e.g., 90th).
EPSS Probability
Filter issues by EPSS probability (e.g., 15%).
Reachable
Filter issues by whether they are reachable or not.