How to accept issue closing action with the Issue Review feature
Table of content
- Benefits of the Issue Review
- Enable the Issue Review
- Request for an issue update
- View request of issue update
- Get notified about your issue status update
1. Benefits of the Issue Review
Autobahn Security provides the option of an additional review before closing issues (marking them as remediated, false positive or risk accepted). Activating this feature allows users to select a peer to review the status update and give approval to issues' status update. Once activated, you will see an additional page with a list of the most recent open requests and all requests within your organization.
Please note that the issue status remains unchanged as long as the reviewer has not accepted the request. By doing this, admins can implement a review cycle and the ability to oversee user actions that lower the Hackability Score. Re-scans or other data ingestion (e.g. file uploads or integrations) are still automatically closing issues when the related vulnerabilities have not been found again.
2. Enable the Issue Review
The activation of this feature can only be done by users with the Organization Owner role. To activate the feature:
1 - Go to the Settings by clicking on the bottom left corner widget with your organization's name (and your user name).
2 - On the settings page, navigate to the Features tab. You will see options to enable the Issue Review for the following three different statuses:
-
False positive
-
Remediated
-
Risk accepted
3 - Click the toggle next to the status, then click the Update button to activate the feature.
4 - To check if the feature has been activated, click the Issues button from the menu, you should see a new page: Issue review.
This page is only visible if at least one of the Issue Review statuses has been enabled.
3. Request for an issue update
Once the Issue Review feature is activated, you can request an issue update on the Individual issue, Issue details, Scan report, and Workout page. To do this, follow these steps:
1 - On the Individual issues page or table, select the issues that need to have their status updated by ticking the checkbox. Then, click the Mark issue as a button.
2 - A Request issue status change drawer should appear. Input the reason for the request in this field.
3 - Click the Choose a person to review dropdown, then select the peer to review your status update.
4 - Then click the Save button to send the request.
4. View request of issue update
After selecting the reviewer, view your request on the Issue Review page. The issue review page consists of two tables. On top of the page, you can see the Open and Closed review requests. This table is only available for users with Admin and Owner roles. Users with a General role can request an issue update but cannot be selected as a reviewer.
Below this table, you can see the All Open Review Requests table. This table consists of all open requests within the organization. This table is visible for all user types.
5. Get notified about your issue status request
After the Issue Review feature is activated, and each time your issue update request is accepted or rejected, you will be notified through email. To enable or disable this email notification:
1 - Navigate to the settings page.
2 - Click the Notification tab. By default, the Issue Review notification is enabled. To disable them, click on the checkbox then click the Update button.
