Overview
Policy violations are records created when a policy matches a target. They show which policy matched, the scope where it matched, the affected target, the effective enforcement mode, and any timing metadata such as SLA due dates.
Availability depends on your Cysmiq plan.
Violation statuses
| Status | Meaning |
|---|
Open | The violation is active |
Pending Review | The violation needs review before final handling |
Resolved | The violation no longer applies or has been resolved |
Waived | A waiver exception applies |
Accepted Risk | An accepted-risk exception applies |
Enforcement
Policy violations carry an effective enforcement mode:
| Mode | Meaning |
|---|
Monitor | Track the violation for visibility |
Warn | Surface the violation as warning-level policy enforcement |
Block | Surface the violation as blocking policy enforcement |
The effective mode may come from the policy itself, a policy binding, a rule-level setting, or an override.
SLA timing
Policies can define SLA actions with a duration such as 7d. Violations created by those policies can include:
- First seen time
- Last seen time
- Due time
- Remaining seconds
- Resolved time
When SLA policy columns are enabled in vulnerability views, SLA status summarizes whether matching vulnerabilities are inside or outside the configured remediation window.
Exceptions
Policy violations can be handled with exceptions:
| Exception | Effect |
|---|
| Waiver | Records a waiver for the policy violation target |
| Accepted risk | Records that the risk is accepted for the policy violation target |
Exceptions can include a reason and optional expiration date. Removing an exception refreshes the violation status when the violation still exists.
Snoozes
When snoozes are enabled, policy violations can be snoozed, approved, rejected, canceled, or cleared through the policy violation workflow.
See Snoozes for approval, limits, scope overrides, and user actions.
API access
API keys with policy-violations:read can list and retrieve policy violations. List filters include repository, ref, status, enforcement mode, policy, target type, limit, and cursor.
See API keys for key scope details.