
Vulnerability Triage

Triage lets your team track, prioritize, and resolve SCA findings with a structured workflow. Every vulnerability can be assigned a status, a justification, and a discussion thread.

Triage Statuses

| Status | Meaning |
| --- | --- |
| Open | New finding, not yet reviewed |
| In Progress | A team member is actively investigating or fixing |
| Accepted Risk | The risk is acknowledged but accepted with justification |
| False Positive | The finding does not apply to your usage |
| Not Applicable | The vulnerable code path is not reachable in your project |
| Won’t Fix | The finding will not be addressed (e.g., end-of-life component) |
| Fixed | The vulnerability has been remediated |

Triaging a Single Vulnerability

  1. Navigate to Dashboard → SCA → Triage or click into any vulnerability from the SCA dashboard
  2. Open the vulnerability detail panel
  3. Select a status from the dropdown
  4. Add a justification note explaining your decision
  5. Click Save

Bulk Triage

For large scan results, you can triage multiple findings at once:

  1. Use the checkboxes in the vulnerability table to select findings
  2. Click the Bulk Actions button in the toolbar
  3. Choose a status to apply to all selected items
  4. Add an optional justification note
  5. Confirm the action

Comments and Discussion

Each vulnerability has a comment thread where team members can discuss findings, share context, or request more information. Comments are timestamped and attributed to the author.

SLA Tracking

CodeStax tracks remediation deadlines based on configurable SLAs per severity level. You can set target resolution times for Critical, High, Medium, and Low findings in your organization settings.

SLA Status Indicators

| Status | Meaning |
| --- | --- |
| On Track | The finding is within its SLA deadline |
| At Risk | The deadline is approaching (configurable warning threshold) |
| Breached | The SLA deadline has passed without resolution |

Best Practices

  1. Set SLA deadlines that match your risk tolerance — Stricter deadlines for Critical findings
  2. Require justification for Accepted Risk and Won’t Fix — Ensures decisions are documented
  3. Review False Positives periodically — Reachability may change as your code evolves
  4. Use bulk triage after large scans — Speeds up initial review of new findings
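The SLA status indicators above and the justification requirement from best practice 2, as an added illustration that is not CodeStax's own code: it assumes per-severity targets in days, a warning threshold expressed as days before the deadline, and that Fixed, False Positive, Not Applicable, Accepted Risk and Won't Fix stop the SLA clock (none of which the page specifies).

```python
from dataclasses import dataclass
from datetime import date, timedelta
# Per-severity targets in days (constructed; real values come from org settings).
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180}
# Assumption: these statuses stop the SLA clock (the page does not say which do).
CLOSED = {"Fixed", "False Positive", "Not Applicable", "Accepted Risk", "Won't Fix"}
NEEDS_JUSTIFICATION = {"Accepted Risk", "Won't Fix"}

@dataclass
class Finding:
    ident: str                 # constructed id, not a real vulnerability id
    severity: str
    first_seen: date
    status: str = "Open"
    justification: str = ""

def set_status(finding, status, justification=""):
    """Apply a triage status; Accepted Risk and Won't Fix require a note."""
    if status in NEEDS_JUSTIFICATION and not justification.strip():
        raise ValueError(f"{status} requires a justification note")
    finding.status = status
    finding.justification = justification

def sla_status(finding, today, warning_days=3):
    """'On Track', 'At Risk' or 'Breached'; None once the finding is closed.
    warning_days is the assumed form of the configurable warning threshold."""
    if finding.status in CLOSED:
        return None
    deadline = finding.first_seen + timedelta(days=SLA_DAYS[finding.severity])
    if today > deadline:
        return "Breached"
    if today + timedelta(days=warning_days) >= deadline:
        return "At Risk"
    return "On Track"

def demo():
    """Constructed sample finding run through the SLA and triage logic."""
    f = Finding("f-1", "Critical", date(2024, 1, 1))   # deadline 2024-01-08
    result = {
        "on_track": sla_status(f, date(2024, 1, 2)),
        "at_risk": sla_status(f, date(2024, 1, 6)),
        "breached": sla_status(f, date(2024, 1, 9)),
    }
    try:
        set_status(f, "Accepted Risk")                   # no note: rejected
        result["unjustified_rejected"] = False
    except ValueError:
        result["unjustified_rejected"] = True
    set_status(f, "Accepted Risk", "vulnerable path not reachable in our build")
    result["closed"] = sla_status(f, date(2024, 1, 9))   # clock stopped
    return result
```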