Managing Findings


Last updated: January 14, 2026


Triage, track, and resolve vulnerability findings.

Triage Workflow

Overview

Effective triage follows this flow:

Review Finding → Assess → Decide → Update Status → Take Action

Triage Questions

For each finding, ask:

  1. Is this a real vulnerability?
  2. How severe is it in context?
  3. What's the fix?
  4. Who should fix it?
  5. When should it be fixed?

Finding Status

Available Statuses

Status          Meaning                  When to Use
Open            Not yet reviewed         Initial state
Acknowledged    Reviewed, will address   Real issue identified
In Progress     Being fixed              Work started
Fixed           Resolved                 Fix completed
False Positive  Not real                 Scanner was wrong
Won't Fix       Accepted risk            Intentionally not fixing

Changing Status

  1. Click the finding
  2. Click the status dropdown
  3. Select new status
  4. Add a comment (recommended)
  5. Save

Bulk Operations

Select Multiple

  1. Check findings using checkboxes
  2. Or use Select All
  3. Bulk action menu appears

Bulk Actions

Action         Description
Change Status  Update all selected
Assign To      Assign to team member
Add Comment    Add note to all
Export         Download selected
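The status model, the single and bulk status changes, and the FAQ points about audit logging and undo, modelled as a small Python tracker. This is an added illustration, not the platform's own code or API: the status names and the advice to comment on every decision come from this page; Finding, set_status, bulk_set_status, undo_last_change and triage_summary are assumed names, and the rule that False Positive and Won't Fix must carry a comment is the page's "always document" advice made mandatory.

```python
"""Model of the finding-status workflow described on this page.

Added illustration, not the platform's own code or API. Status names come
from the page; the class and function names are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

STATUSES = ("Open", "Acknowledged", "In Progress", "Fixed",
            "False Positive", "Won't Fix")
# A finding suppressed by one of these decisions must carry a justification.
COMMENT_REQUIRED = ("False Positive", "Won't Fix")


@dataclass
class Finding:
    id: str
    title: str
    severity: str
    status: str = "Open"
    assignee: Optional[str] = None
    comments: List[tuple] = field(default_factory=list)
    history: List[dict] = field(default_factory=list)  # audit log of status changes


def _validate(new_status: str, comment: str) -> None:
    if new_status not in STATUSES:
        raise ValueError(f"unknown status: {new_status!r}")
    if new_status in COMMENT_REQUIRED and not comment.strip():
        raise ValueError(f"{new_status} requires a comment explaining the decision")


def set_status(finding: Finding, new_status: str, actor: str, comment: str = "") -> dict:
    """Change one finding's status, enforce the comment rule, and log the change."""
    _validate(new_status, comment)
    entry = {
        "at": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "from": finding.status,
        "to": new_status,
        "comment": comment,
    }
    finding.history.append(entry)  # every change is recorded, reverts included
    if comment:
        finding.comments.append((actor, comment))
    finding.status = new_status
    return entry


def bulk_set_status(findings: List[Finding], new_status: str, actor: str, comment: str = "") -> int:
    """Bulk action: apply one status change to every selected finding.

    Validation runs before any change so a bad request leaves the set untouched.
    Returns the number of findings whose status actually changed.
    """
    _validate(new_status, comment)
    changed = 0
    for f in findings:
        if f.status != new_status:
            set_status(f, new_status, actor, comment)
            changed += 1
    return changed


def undo_last_change(finding: Finding, actor: str) -> Optional[dict]:
    """Undo is just another logged status change back to the previous value."""
    if not finding.history:
        return None
    previous = finding.history[-1]["from"]
    return set_status(finding, previous, actor, comment="Reverted previous status change")


def triage_summary(findings: List[Finding]) -> dict:
    """Count findings per status, like a 'findings by status' dashboard widget."""
    counts = {s: 0 for s in STATUSES}
    for f in findings:
        counts[f.status] += 1
    return counts
```

The undo path deliberately goes through set_status so the revert itself lands in the audit log; an undo that silently rewrote history would defeat the point of logging status changes.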

Filtering Findings

By Severity

Show only specific severities:

  • Critical only
  • Critical + High
  • All

By Status

Filter by triage status:

  • Open (need review)
  • Acknowledged (planned)
  • In Progress
  • Fixed
  • False Positive
  • Won't Fix

By Category

Filter by vulnerability type:

  • Reentrancy
  • Access Control
  • Integer Issues
  • etc.

By Scanner

See findings from specific scanners:

  • Slither
  • Aderyn
  • All scanners

Sorting Findings

Sort by:

  • Severity - Critical first (default)
  • Risk Score - Highest risk first
  • Location - By file/line
  • Status - Open first
  • Date - Newest/oldest

Adding Comments

On Findings

Add context to any finding:

  1. Open the finding detail
  2. Click Add Comment
  3. Enter your analysis
  4. Click Post

Comment Uses

  • Explain your triage decision
  • Document why it's a false positive
  • Note relevant context
  • Track discussion

Example Comments

"False positive: This function is only called by the owner, who is trusted."

"Fix in progress: PR #123 addresses this issue."


Assignments

Assigning Findings

On team plans, assign findings:

  1. Click the finding
  2. Click Assign
  3. Select team member
  4. Optionally set due date
  5. Click Assign

Assignment Notifications

The assignee receives:

  • Email notification
  • Dashboard notification
  • Finding appears in their assigned list

Tracking Assignments

View assigned findings:

  • My Assignments - Your tasks
  • Team Assignments - All team assignments
  • Filter by assignee

Triage Best Practices

1. Start with Critical

Review Critical findings first. They need immediate attention.

2. Don't Skip High

High findings should all be reviewed before moving to Medium.

3. Batch Similar Issues

Similar findings often have related fixes. Group them.

4. Document Decisions

Always add a comment explaining your decision.

5. Set Realistic Deadlines

Assign due dates you can actually meet.

6. Review Periodically

Re-triage open findings regularly.


Tracking Progress

Dashboard Metrics

The dashboard shows:

  • Findings by status
  • Resolution rate
  • Trend over time

Reports

Generate reports showing:

  • Current state
  • Progress over time
  • Team performance

Resolving Findings

Mark as Fixed

When you've resolved an issue:

  1. Fix the code
  2. Re-scan to verify
  3. If the finding is gone, mark it Fixed
  4. Add a comment noting the fix

Verify Fixes

Always re-scan after fixing:

  1. Run a new scan
  2. Compare results
  3. Confirm finding is resolved
  4. Watch for regressions

Fixed vs Gone

  • Fixed - You resolved it and verified it with a re-scan
  • Gone (not in the new scan) - Either fixed, or the code changed so the scanner no longer reports it; confirm which before treating it as resolved
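The "Verify Fixes" steps and the Fixed-versus-Gone distinction above, as an added example of comparing two scans. This is not the platform's own scan-comparison logic: the finding records and check names are constructed sample data, and matching on (scanner, check, contract, function) rather than line number is an assumption of this example, chosen because line numbers shift whenever unrelated code moves.

```python
"""Compare a triaged previous scan against a new scan.

Added example, not the platform's own comparison logic. Records and check
names below are constructed sample data; finding_key and compare_scans are
assumed names.
"""


def finding_key(f):
    # Match on what identifies the issue, not the line it was reported on.
    return (f["scanner"], f["check"], f["contract"], f["function"])


def compare_scans(previous, current):
    """Classify each finding by whether it persists and what its old status was."""
    prev = {finding_key(f): f for f in previous}
    curr = {finding_key(f): f for f in current}
    result = {
        "still_open": [],       # present in both, not suppressed, not marked Fixed
        "suppressed": [],       # present again, marked False Positive / Won't Fix last time
        "regression": [],       # marked Fixed before, reported again
        "fixed_candidate": [],  # was In Progress and is now gone: verify, then mark Fixed
        "confirmed_fixed": [],  # marked Fixed before and now gone
        "gone_unverified": [],  # disappeared without anyone working on it: find out why
        "new": [],              # not seen in the previous scan
    }
    for key, old in prev.items():
        status = old["status"]
        if key in curr:
            if status == "Fixed":
                result["regression"].append(key)
            elif status in ("False Positive", "Won't Fix"):
                result["suppressed"].append(key)
            else:
                result["still_open"].append(key)
        elif status == "Fixed":
            result["confirmed_fixed"].append(key)
        elif status == "In Progress":
            result["fixed_candidate"].append(key)
        else:
            result["gone_unverified"].append(key)
    result["new"] = [key for key in curr if key not in prev]
    return result


# Constructed sample data: the previous scan, already triaged.
PREVIOUS_SCAN = [
    {"scanner": "Slither", "check": "reentrancy-eth", "contract": "Vault", "function": "withdraw", "line": 42, "status": "In Progress"},
    {"scanner": "Slither", "check": "arbitrary-send-eth", "contract": "Vault", "function": "sweep", "line": 77, "status": "Fixed"},
    {"scanner": "Aderyn", "check": "centralization-risk", "contract": "Vault", "function": "setFee", "line": 20, "status": "False Positive"},
    {"scanner": "Slither", "check": "tx-origin", "contract": "Auth", "function": "check", "line": 15, "status": "Open"},
    {"scanner": "Slither", "check": "unchecked-transfer", "contract": "Vault", "function": "pay", "line": 90, "status": "Fixed"},
]
# Constructed sample data: the new scan after fixes landed (line numbers moved).
CURRENT_SCAN = [
    {"scanner": "Slither", "check": "arbitrary-send-eth", "contract": "Vault", "function": "sweep", "line": 81, "status": "Open"},
    {"scanner": "Aderyn", "check": "centralization-risk", "contract": "Vault", "function": "setFee", "line": 21, "status": "Open"},
    {"scanner": "Slither", "check": "timestamp", "contract": "Auth", "function": "expires", "line": 33, "status": "Open"},
]

if __name__ == "__main__":
    for bucket, keys in compare_scans(PREVIOUS_SCAN, CURRENT_SCAN).items():
        print(f"{bucket:16s} {len(keys)}  {[f'{k[1]}@{k[2]}.{k[3]}' for k in keys]}")
```

The regression bucket is the one to watch after every re-scan: a finding that was marked Fixed and shows up again means either the fix was reverted or the original status was set without verification. Since this page notes that each scan has independent statuses, the suppressed bucket also lists the findings whose False Positive or Won't Fix decisions need to be re-applied on the new scan.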

Handling False Positives

Identifying False Positives

See False Positives for detailed guidance.

Marking False Positives

  1. Open the finding
  2. Change status to False Positive
  3. Add comment explaining why
  4. Save

Learning from False Positives

  • Note patterns in false positives
  • Provide feedback to improve scanners
  • Consider adjusting scanner selection

Won't Fix Decisions

When to Use

Mark Won't Fix when:

  • Risk is accepted intentionally
  • Mitigating factors exist
  • Fix is not practical

Documenting Won't Fix

Always document:

  • Why you're not fixing
  • What mitigations exist
  • Who approved the decision
  • Any conditions for reconsideration

FAQ

Q: Who can change finding status?
A: On team plans, any team member. Admins can restrict permissions.

Q: Are status changes logged?
A: Yes. All changes are tracked in the audit log.

Q: Can I undo a status change?
A: Yes. Just change the status again.

Q: Do status changes affect other scans?
A: No. Each scan has independent finding statuses.

