Ability to change/edit the severity in Harness STO
next fiscal quarter
Burnt sienna Dolphin
As a user of Harness Security Testing Orchestration (STO), I would like the ability to change or edit the severity of findings identified during security scans, since the severity does not match our considerations and the actual risk in our environment. Add an option to edit the severity of a finding directly from the findings dashboard. Implement role-based permissions to control who can change the severity of findings.
Canny AI
Merged in a post:
Display Modified Severity Score on STO Security Tests Dashboard Based Upon Snyk Policies
Rubber Scallop
Our organization is interested in adjusting the JSON output (CVSS score) based on the updated Snyk policy (matching our org's severity rating) and displaying the updated value in the STO dashboard.
Pritesh Chandaliya
We will take this up in Q1 - Q2 (Feb - July 2025)
Pritesh Chandaliya
next fiscal quarter
Canny AI
Merged in a post:
Allow custom severity levels in STO dashboard
Rubber Scallop
In our environment we re-score Snyk OSS vulnerabilities. Instead of having 'critical, high, medium, low, info', we have 'critical, severe, high, medium, low'. The CVSS ranges are slightly different between these 2 lists. We would like the flexibility to customize the severity levels within the STO dashboard.
Pritesh Chandaliya
Are you asking to retain the Snyk severity level (so that it overrides Harness STO severity levels)? If yes, we already support it - https://developer.harness.io/docs/security-testing-orchestration/sto-techref-category/snyk/snyk-scanner-reference#show-original-issue-severities-overridden-by-snyk-security-policies
If not, can you please provide more context? Thanks! Rubber Scallop
Canny AI
Merged in a post:
STO Override Results Ranking
Jade Crocodile
Based off our environment, sometimes we want the ability to override how the results are scored or ranked (Critical/High/Medium/Low). It would be fine if it worked at the project level to start and per scanner of course. We noticed and specifically need it for CheckmarxOne scanner system which only uses high/medium/low for ranking. Thank you.
Pritesh Chandaliya
We have this as a priority for Q3, where we will provide a way to override the severity on our side with the ones provided by Checkmarx (basically retain their severity). Jade Crocodile, Burnt sienna Crawdad, thanks for the patience.
Burnt sienna Crawdad
Jade Crocodile from PC: I will be doing Q2 planning and once we have all the details I can update that here. Q2 planning will be done on April 15th.
Pritesh Chandaliya
Talked to the VSX team, and they would like to override the severity of the issues and retain the values which we get directly from CheckmarxOne.
Jade Crocodile
Let me check with my team. I will update shortly. Thank you.