Assume vulnerabilities for limited time

Currently, a user could assume a vulnerability for ALL time, forever. The request is to change this and forced to choose a time window for the acceptance of the vulnerability.

This feature request opens new questions:

  • Options: 1 month? Three months? or a specific date (recommended).
  • Could options include forever? Or just a date very far away on time? (recommended)

Thanks in advance


The finding should be assumed asking for a specific date, once this date is reached, the treatment should return to new so this would be considered by asserts and starts breaking the build

The option should not include forever, just a specific date with no time restrictions so they can assume for long periods of time.

1 Like

From this perspective, is this a feature for 2 products and the underlying implication of his integration?

I think once the treatment changes on integrates there’s no need to change anything in asserts, by not having the vulnerability assumed, asserts will automatically consider its validation and break the build

I mean that until today asserts does not communicate automatically with integrates to extract any information via API. Today exploit mapping and activation is created via manual confirmation. In that way, I am referring to the integration asserts-integrates.

This functionality has already been implemented and it has the following constraints:

  • Date can be customized using the calendar and the maximum time is six months (180 days).
  • If no date is established, the maximum date is set (180 days)
  • Once the established date is reached, the treatment returns to “New”
  • The latter condition implies that if the project uses Asserts, it will start breaking the build again