
Remediation Policy

Remediation Policy lets your organization automatically exclude low-risk or non-actionable vulnerabilities from remediation. When the policy is enabled, Backline automatically moves vulnerabilities that match the selected rules to Dismissed. These vulnerabilities will not be remediated and will not appear in active remediation queues.

You can find this page under Settings → Remediation Policy.

How the Policy Works

Remediation Policy includes three optional rules:

Risk Score Threshold

Automatically dismiss vulnerabilities with a Risk Score below the selected threshold.

Not Reachable

Automatically dismiss vulnerabilities that Backline determines are not reachable from the application code.

Not Exploitable

Automatically dismiss vulnerabilities that Backline determines are not exploitable in the customer environment.

A vulnerability is dismissed when it matches any enabled rule.

Enabling or Disabling the Policy

Use the main toggle at the top of the page to turn Remediation Policy on or off. When the policy is off, Backline will not automatically dismiss vulnerabilities based on these rules. Your saved rule settings remain visible, but cannot be edited until the policy is turned back on.

Saving Changes

After changing the policy settings, click Save to apply the changes. You can click Cancel to discard your changes and restore the last saved policy configuration.