Skip to main content

View and manage baseline issues

The Issues section at the Project level provides a consolidated view of all security issues affecting your baseline targets, providing a comprehensive list of issues identified across scans in the selected Project. Issues section is currently available only at the Project level. Support for Organization and Account levels will be available soon. From the Issues section, you can:

info
  • The Issues section displays only the issues impacting your project's baselines. If your project has no targets or baselines configured, this page will not present the issues, even if scans have been executed against non-baseline targets.
  • To see detected issues in a non-baseline variant, such as a feature or developer branch, go to a pipeline execution where the variant was scanned and then go to Vulnerabilities tab.

Access the Issues section from the left navigation in the STO module. You can apply filters to effectively navigate through the issues in your project. See Filters in Issues section for details.

Issue details

Select an issue from the list in the Issues section to open the Issue Details pane. This pane shows detailed information about the issue and the affected targets.

From the Issue Details pane, you can:

Exemption status

If an issue has an exemption status, the Exemption Status button will appear at the top of the pane. Here, you can click the button to view exemption details or take actions (Approve, Reject, Re-open) based on your permissions. Learn more in Issue Exemption Workflow.

info

The Issues section displays the overall exemption status. The exemption status at scan time is shown only in the Vulnerabilities tab.

Target details

From the Issue Details pane, select a target to open the Target Details pane. This pane provides information about the specific target and details about each occurrence of the selected issue.

Occurrence details

In the Target Details pane, you can explore individual occurrences from the latest baseline scan of the selected target and issue. Click an occurrence to open the Occurrence Details pane, which includes specific details, remediation recommendations, and raw occurrence data.

info

Remediation suggestions for each occurrence are provided by the scanner itself. AI-based remediation powered by Harness AI is not available from the Issues section; it is only available from the Vulnerabilities tab.

Use the carousel navigation buttons (< and >) to move through occurrences related to the selected target.

Filters in Issues section

The Issues section offers various filters to help narrow down issues:

Issue Type

Filter issues by type. Multiple selections are allowed.

  • SAST
  • DAST
  • SCA
  • IaC
  • Secret
  • Misconfig
  • Bug Smells
  • Code Smells
  • Code Coverage
  • External Policy

Targets

Filter issues by target names. Multiple selections are allowed. The dropdown lists all targets scanned within the project.

Target Type

Filter issues by target type. Multiple selections are allowed.

  • Repository
  • Container
  • Configuration
  • Instance

Pipelines

Filter issues by pipeline names. Multiple selections are allowed. The dropdown lists all pipelines used in the project.

Scanner

Filter issues by scanner names. Multiple selections are allowed. The dropdown lists all scanners used in the project.

Severity

Filter issues by severity levels. Multiple selections are allowed.

  • Critical
  • High
  • Medium
  • Low
  • Info

Exemption Status

Filter issues by exemption status. Multiple selections are allowed.

  • None
  • Pending
  • Approved
  • Rejected
  • Expired