Security Risks

Overview

This document outlines the process for appropriately handling security risks deemed acceptable to ignore temporarily or permanently. It ensures transparency and accountability while maintaining a robust security posture. The page collates all accepted security risks and provides a management tab for each type.
It helps ensure that security risks are properly assessed and that decisions to ignore them are based on a thorough understanding of the associated risks.

Risk Acceptance for a Security Risk

  1. Open the Security Risks page, select a risk from the table, click on an affected asset, and then click the eye icon button (Accept the risk).

  2. In the Accepting the Risk dialog, you can optionally add a reason and expiration date, then click Save.

  3. You should see a confirmation message at the top of the screen indicating the risk was accepted successfully, and the button state changes to Edit Accepted Risk.

Revoke an accepted risk

  1. Open the Risk Acceptance page and click on the line for a previously accepted security risk.

  2. Click on the trash button.

  3. Confirm the revocation of the accepted risk.

  4. You should see a confirmation message at the top of the screen, indicating the accepted risk was revoked successfully.