Issues vs Rules vs Alerts
These three terms are related but not the same:
Rule
- A rule is the detection logic (policy) that identifies a problem.
- Your rules have IDs like CODE-0001, CODE-0002, etc.
- Rules belong to a catalog (SAST, SCA, Secrets, IaC, License, Containers, Kubernetes, etc.).
Issue
- An issue is a specific instance of a rule finding in your code or configuration.
- Example: Rule CODE-0123 triggers on a file in a PR → an issue is created for that PR/branch context.
Alert
- An alert is a notification/event generated from issues or posture changes.
- Examples:
  - New critical introduced in PR
  - Severity score crossed threshold
  - Policy gate failed
  - Slack notification sent