Vulnerability management policy
- no_longer_detected rule
- auto_resolve action

Vulnerability management policy schema

The YAML file with vulnerability management policies consists of an array of objects matching vulnerability management policy schema nested under the vulnerability_management_policy key. You can configure a maximum of 5 policies under the vulnerability_management_policy key. Any other policies configured after the first 5 are not applied.

When you save a vulnerability management policy, its content is validated against the vulnerability management policy schema. If you’re not familiar with how to read JSON schemas, the following sections and tables provide an alternative.

Field	Type	Required	Description
`vulnerability_management_policy`	`array` of vulnerability management policy	true	List of vulnerability management policies (maximum 5)

Vulnerability management policy

Field	Type	Required	Description
`name`	`string`	true	Name of the policy. Maximum of 255 characters.
`description`	`string`	false	Description of the policy.
`enabled`	`boolean`	true	Flag to enable (`true`) or disable (`false`) the policy.
`rules`	`array` of rules	true	List of rules that define the policy’s criteria.
`policy_scope`	`object` of `policy_scope`	false	Scope of the policy, based on the projects, groups, or compliance framework labels you specify.
`actions`	`array` of actions	true	Action to be taken on vulnerabilities matching the policy.

`no_longer_detected` rule

This rule defines the criteria for the policy.

Field	Type	Required	Possible values	Description
`type`	`string`	true	`no_longer_detected`	The rule’s type.
`scanners`	`array`	`true`	`sast`, `secret_detection`, `dependency_scanning`, `container_scanning`, `dast`, `coverage_fuzzing`, `api_fuzzing`	Specifies the scanners for which this policy is enforced.
`severity_levels`	`array`	`true`	`critical`, `high`, `medium`, `low`, `info`, `unknown`	Specifies the severity levels for which this policy is enforced.

`auto_resolve` action

This action resolves vulnerabilities matching the policy’s rules and scope.

Field	Type	Required	Possible values	Description
`type`	`string`	true	`auto_resolve`	The action’s type.

Help & feedback

Docs

Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.

Product

Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Join First Look to help shape new features.

Feature availability and product trials

View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.

Get Help

If you didn't find what you were looking for, search the docs.

If you want help with something specific and could use community support, post on the GitLab forum.

For problems setting up or using this feature (depending on your GitLab subscription).

Request support