Review Process

All issues can be easily reviewed by clicking on the top right button in the issue summary and selecting a review label. The same applies to the issue table.

These labels are synchronized with the IDE integrations and the Jira integration.

Retained Recognition

Review labels and comments alike are copied to the analysis results of a subsequent scan.

Once a review label has been added to a vulnerability, the same vulnerability in subsequent scans automatically inherits this review label, which saves rework.

Thanks to matching algorithms, this works even if the code of the vulnerability or the code surrounding it changes to some extent.

Negative Reviews

"Not exploitable", "No issues", and "Duplicate" are negative reviews, i.e. the issue is not exploitable for one reason or another.

Issues with negative reviews are ignored by the RIPS CI tools. They are also hidden from the UI by default (this can be changed in the account settings).