Skip to main content

Overview

Policy violations are records created when a policy matches a target. They show which policy matched, the scope where it matched, the affected target, the effective enforcement mode, and any timing metadata such as SLA due dates.
Availability depends on your Cysmiq plan.

Violation statuses

StatusMeaning
OpenThe violation is active
Pending ReviewThe violation needs review before final handling
ResolvedThe violation no longer applies or has been resolved
WaivedA waiver exception applies
Accepted RiskAn accepted-risk exception applies

Enforcement

Policy violations carry an effective enforcement mode:
ModeMeaning
MonitorTrack the violation for visibility
WarnSurface the violation as warning-level policy enforcement
BlockSurface the violation as blocking policy enforcement
The effective mode may come from the policy itself, a policy binding, a rule-level setting, or an override.

SLA timing

Policies can define SLA actions with a duration such as 7d. Violations created by those policies can include:
  • First seen time
  • Last seen time
  • Due time
  • Remaining seconds
  • Resolved time
When SLA policy columns are enabled in vulnerability views, SLA status summarizes whether matching vulnerabilities are inside or outside the configured remediation window.

Exceptions

Policy violations can be handled with exceptions:
ExceptionEffect
WaiverRecords a waiver for the policy violation target
Accepted riskRecords that the risk is accepted for the policy violation target
Exceptions can include a reason and optional expiration date. Removing an exception refreshes the violation status when the violation still exists.

Snoozes

When snoozes are enabled, policy violations can be snoozed, approved, rejected, canceled, or cleared through the policy violation workflow. See Snoozes for approval, limits, scope overrides, and user actions.

API access

API keys with policy-violations:read can list and retrieve policy violations. List filters include repository, ref, status, enforcement mode, policy, target type, limit, and cursor. See API keys for key scope details.