Feature Request, Exemption auto request and grant
next fiscal quarter
Keppel green Thrush
As a security engineer, I seek to run SCA (software component analysis) scans as late in the CI/CD process as possible (shift right). However, I do not want to block releases at this point. What I DO want is for vulnerabilities discovered at this late stage to auto-request an exemption, for the exemption to be automatically granted, and for the duration of the exemption to be configurable to my organization's SLO for remediating security findings. The vulnerability severity needs to be configurable, but for our needs it's High and Critical.
Additionally, notification to myself, repo owners, security staff via email would be amazing.
Pritesh Chandaliya
This is a great use case and it requires a bit more thoughtful design on our side. I’ll work on defining this feature properly (auto-request + configurable exemption duration) and we can evaluate implementing it then.
For now, you can achieve the non-blocking behavior by not applying an OPA policy to the SCA step in the far-right stage of your pipeline. This ensures the pipeline will not be blocked.
You’ll still be able to:
- View all detected vulnerabilities in the pipeline results
- Manually create exemptions
- Create tickets to track remediation
This gives you visibility without impacting release velocity.
Let me know if this approach works for you in the meantime.
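The auto-request / auto-grant flow described in the request above, written out as an added example for this page. It is not the product's code and is not part of either post; the data model, the severity ordering, the per-severity SLO table, the recipient addresses and the package URLs are all assumptions. Below-threshold findings are left visible but untouched, in-scope findings get an exemption whose expiry is now + SLO, and a finding whose exemption has already expired is reported as overdue rather than blocked, so the caller (or a downstream OPA gate) decides what to do with an SLO miss:

```python
"""Auto-requested, auto-granted exemptions for late-stage SCA findings.

Illustrative example added for this page, not the product's implementation.
Data model, severity ordering, SLO table and recipients are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Assumed severity ordering; scanners differ in naming, normalise before use.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    repo: str        # repository the scan ran against
    component: str   # constructed package URL, e.g. "pkg:npm/example-lib@1.2.3"
    vuln_id: str     # identifier as reported by the scanner (constructed below)
    severity: str    # lower-case key of SEVERITY_RANK


@dataclass
class Exemption:
    finding: Finding
    granted_at: datetime
    expires_at: datetime
    reason: str

    def active(self, now: datetime) -> bool:
        return now < self.expires_at


@dataclass
class AutoExemptPolicy:
    # Assumed organisation settings: severities at or above min_severity are
    # auto-exempted, and the remediation SLO per severity becomes the duration.
    min_severity: str = "high"
    slo_days: Dict[str, int] = field(default_factory=lambda: {"critical": 15, "high": 30})

    def in_scope(self, f: Finding) -> bool:
        return SEVERITY_RANK.get(f.severity, 0) >= SEVERITY_RANK[self.min_severity]

    def duration(self, f: Finding) -> timedelta:
        return timedelta(days=self.slo_days[f.severity])


def evaluate(findings: List[Finding], store: Dict[Finding, Exemption],
             policy: AutoExemptPolicy, now: datetime,
             recipients: List[str]) -> Tuple[List[Exemption], List[Finding], List[dict]]:
    """Reconcile one scan's findings against the exemption store (mutated in place).

    in-scope, no exemption      -> auto-request and auto-grant, expiry = now + SLO
    in-scope, active exemption  -> nothing to do, release proceeds
    in-scope, expired exemption -> SLO missed, reported as overdue (not blocked here)
    below threshold             -> visible in results, never exempted or gated
    Returns (newly granted exemptions, overdue findings, notifications to send).
    """
    granted, overdue, notifications = [], [], []
    for f in findings:
        if not policy.in_scope(f):
            continue
        ex = store.get(f)
        if ex is None:
            ex = Exemption(f, now, now + policy.duration(f),
                           "auto-granted for late-stage SCA finding")
            store[f] = ex
            granted.append(ex)
            notifications.append({
                "to": recipients,
                "subject": f"[SCA] exemption auto-granted: {f.vuln_id} in {f.repo}",
                "body": f"{f.component} ({f.severity}) exempt until {ex.expires_at.date()}",
            })
        elif not ex.active(now):
            overdue.append(f)
            notifications.append({
                "to": recipients,
                "subject": f"[SCA] exemption expired, SLO missed: {f.vuln_id} in {f.repo}",
                "body": f"{f.component} ({f.severity}) exemption ended {ex.expires_at.date()}",
            })
    return granted, overdue, notifications


def demo():
    """Constructed scan result and exemption store so the flow runs offline."""
    now = datetime(2026, 5, 1, tzinfo=timezone.utc)
    repo = "example-org/payments-api"
    findings = [
        Finding(repo, "pkg:npm/example-lib@1.2.3", "VULN-A", "critical"),
        Finding(repo, "pkg:pypi/example-pkg@0.9.0", "VULN-B", "high"),
        Finding(repo, "pkg:maven/org.example/util@2.0", "VULN-C", "medium"),
        Finding(repo, "pkg:golang/example.com/mod@1.0.0", "VULN-D", "high"),
    ]
    # VULN-D was auto-exempted 45 days ago under a 30-day SLO: it is now overdue.
    store = {findings[3]: Exemption(findings[3], now - timedelta(days=45),
                                    now - timedelta(days=15), "auto-granted earlier")}
    recipients = ["requester@example.com", "repo-owners@example.com", "security@example.com"]
    granted, overdue, notes = evaluate(findings, store, AutoExemptPolicy(), now, recipients)
    return granted, overdue, notes, store


if __name__ == "__main__":
    g, o, n, _ = demo()
    for ex in g:
        print("granted", ex.finding.vuln_id, "until", ex.expires_at.date())
    for f in o:
        print("overdue", f.vuln_id)
    print(len(n), "notifications queued")
```

The exemption store is keyed on the full finding (repo, component, vulnerability), so a re-run with the same findings is idempotent and does not re-grant or re-notify while an exemption is active; only expiry produces a new event.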
Pritesh Chandaliya marked this post as next fiscal quarter
This is planned for Q2, post April 2026.
Updated the quarter.