Issue Management

Issue Management is where DevSecOps Bot turns scanner findings into an actionable workflow for engineering teams. It helps you triage, assign ownership, reduce noise, and maintain an audit-friendly history of decisions.

Issue Lifecycle

An issue is a single tracked finding created from a rule match in a scan (SAST, SCA, Secrets, IaC, License, etc.). Issues exist to help teams prioritize, assign, fix, and prove closure over time. Typical lifecycle states:

  1. New Issue
    • The finding was detected for the first time on the selected branch/repository context.
    • Used to highlight newly introduced risk during PR/branch scans.
  2. Open
    • The issue is valid and not yet resolved.
    • Default state for active findings.
  3. Assigned
    • Ownership has been set to a user (a user with either the Admin or the ReadOnly role can be assigned, depending on your workflow).
    • Assignment is meant for accountability and tracking, not permissions.
  4. Resolved
    • The issue is fixed (or otherwise remediated) and no longer appears in subsequent scans for the same branch context.
  5. Closed
    • The system has verified the issue is no longer present across updated scan results, or it was explicitly closed via resolution actions.

NOTE

Issues can re-open if the risk returns (regression) on the same branch/repository.

The Issue Tracker supports filtering by branch, file, severity, category, rule ID, and status.
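The following is an added example, not DevSecOps Bot's own code, that models the lifecycle above as a reconciliation step run after each scan: unseen findings become New Issue, findings that disappear become Resolved and then Closed once their absence is confirmed by a further scan, and a finding that returns re-opens its issue (regression) while keeping the assignee and the audit trail. The fingerprint scheme (rule ID, file and a hash of the matched line), the `Finding`/`Issue` classes, the rule that a New Issue seen again becomes Open, and the sample findings are all assumptions for illustration; the `filter_issues` helper covers the same fields the tracker filters on.

```python
# Added example (not DevSecOps Bot's own code): a minimal model of the issue
# lifecycle described on this page, reconciling each scan's findings against
# the issues tracked for a branch. The fingerprint scheme and the exact state
# rules are assumptions made for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import hashlib

NEW, OPEN, ASSIGNED, RESOLVED, CLOSED = "New Issue", "Open", "Assigned", "Resolved", "Closed"
ACTIVE = (NEW, OPEN, ASSIGNED)


@dataclass(frozen=True)
class Finding:
    rule_id: str
    category: str   # SAST, SCA, Secrets, IaC, License, ...
    severity: str
    file: str
    snippet: str    # matched line; hashed so a leaked secret never becomes the key

    def fingerprint(self) -> str:
        # Assumed identity scheme: same rule, same file, same matched content.
        digest = hashlib.sha256(self.snippet.encode()).hexdigest()[:16]
        return f"{self.rule_id}|{self.file}|{digest}"


@dataclass
class Issue:
    finding: Finding
    branch: str
    status: str
    assignee: Optional[str] = None
    history: List[tuple] = field(default_factory=list)  # (from, to, reason) audit trail

    def transition(self, new_status: str, reason: str) -> None:
        self.history.append((self.status, new_status, reason))
        self.status = new_status


def reconcile(issues: Dict[str, Issue], branch: str, findings: List[Finding]) -> Dict[str, Issue]:
    """Apply one scan of `branch` to the tracked issues (mutates and returns `issues`).
    never seen -> New Issue; New seen again -> Open; Resolved/Closed seen again -> Open
    (regression); Open/Assigned seen again -> unchanged; active but absent -> Resolved;
    Resolved and absent again -> Closed (verified across updated results)."""
    seen = set()
    for f in findings:
        fp = f.fingerprint()
        seen.add(fp)
        issue = issues.get(fp)
        if issue is None:
            issues[fp] = Issue(f, branch, NEW, history=[(None, NEW, "first detected")])
        elif issue.status == NEW:
            issue.transition(OPEN, "still present on re-scan")
        elif issue.status in (RESOLVED, CLOSED):
            issue.transition(OPEN, "regression: finding returned")
    for fp, issue in issues.items():
        if fp in seen or issue.branch != branch:
            continue
        if issue.status in ACTIVE:
            issue.transition(RESOLVED, "absent from latest scan")
        elif issue.status == RESOLVED:
            issue.transition(CLOSED, "verified absent in consecutive scans")
    return issues


def assign(issue: Issue, user: str) -> None:
    """Assignment records accountability only; it grants no permissions."""
    issue.assignee = user
    if issue.status in (NEW, OPEN):
        issue.transition(ASSIGNED, f"assigned to {user}")


def close(issue: Issue, reason: str) -> None:
    """Explicit closure via a resolution action, kept in the history."""
    issue.transition(CLOSED, reason)


def filter_issues(issues: Dict[str, Issue], **criteria) -> List[Issue]:
    """Filter by any of: branch, file, severity, category, rule_id, status."""
    def attrs(i: Issue) -> dict:
        return {"branch": i.branch, "status": i.status, "file": i.finding.file,
                "severity": i.finding.severity, "category": i.finding.category,
                "rule_id": i.finding.rule_id}
    return [i for i in issues.values()
            if all(attrs(i).get(k) == v for k, v in criteria.items())]


# Constructed sample findings (not real scanner output).
HARDCODED_KEY = Finding("secrets.aws-key", "Secrets", "high", "app/config.py", 'AWS_KEY = "AKIA...EXAMPLE"')
SQL_CONCAT = Finding("sast.sql-concat", "SAST", "medium", "app/db.py", 'cur.execute("SELECT ... WHERE id=" + uid)')


def demo() -> Dict[str, Issue]:
    """Four scans of `main`: introduce, fix, regress, and verify closure."""
    issues: Dict[str, Issue] = {}
    reconcile(issues, "main", [HARDCODED_KEY, SQL_CONCAT])  # both New Issue
    assign(issues[HARDCODED_KEY.fingerprint()], "alice")    # key -> Assigned
    reconcile(issues, "main", [SQL_CONCAT])                 # key Resolved, SQL New -> Open
    reconcile(issues, "main", [HARDCODED_KEY])              # key re-opens, SQL Resolved
    reconcile(issues, "main", [HARDCODED_KEY])              # key stays Open, SQL Closed
    return issues


if __name__ == "__main__":
    for fp, issue in demo().items():
        print(fp, issue.status, issue.assignee, [h[1] for h in issue.history])
```

The important design point is that identity is a stable fingerprint rather than a line number, so an issue survives unrelated edits to the file, and that a regression re-opens the existing issue (with its assignee and history) instead of creating a duplicate, which is what keeps the audit trail continuous.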