Vulnerability Tracking
Central view of security findings with remediation status
Overview
Aggregate security findings from scanning tools into a single dashboard. Track what's open, what's fixed, and what's blocking your release. Simple ownership and priority management.
Why It Matters
Scanning tools find issues, but without tracking you lose them in noise. Know what's open, what's fixed, and what's blocking release.
The Risk
Without tracking, vulnerability remediation is chaos. Critical issues sit unfixed. Teams waste time on duplicates and false positives. You can't answer 'what's our security posture?'
Implementation Components
A complete implementation of this capability includes:
- Central vulnerability dashboard
- Integration with all scanning tools (SAST, SCA, DAST)
- Prioritization and severity assignment
- Ownership tracking per vulnerability
- Remediation status and timelines
- False positive marking workflow
Implementation Pattern
- 1Choose tracking platform or use GitHub Security
- 2Connect your scanning tools (SAST, SCA, DAST)
- 3Review findings weekly
- 4Mark false positives and track fixes
- 5Block releases on critical findings
Pipeline Coverage
This continuous capability monitors and applies to the following pipeline phases:
Tool Examples
These are examples, not endorsements. Choose what fits your context.
Dependencies
Enhanced by (more effective with)
Same Layer
Other capabilities in this continuous layer
- •#44 Database Backups
- •#45 System/App Backups
- •#46 Restore Verification
- •#47 Restore Drills
- •#48 Host Hardening
+5 more