> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Policy violations

> Review policy violations, enforcement modes, SLA timing, and exception statuses.

## Overview

Policy violations are records created when a policy matches a target. They show which policy matched, the scope where it matched, the affected target, the effective enforcement mode, and any timing metadata such as SLA due dates.

<Info>Availability depends on your Cysmiq plan.</Info>

## Violation statuses

| Status           | Meaning                                              |
| ---------------- | ---------------------------------------------------- |
| `Open`           | The violation is active                              |
| `Pending Review` | The violation needs review before final handling     |
| `Resolved`       | The violation no longer applies or has been resolved |
| `Waived`         | A waiver exception applies                           |
| `Accepted Risk`  | An accepted-risk exception applies                   |

## Enforcement

Policy violations carry an effective enforcement mode:

| Mode      | Meaning                                                   |
| --------- | --------------------------------------------------------- |
| `Monitor` | Track the violation for visibility                        |
| `Warn`    | Surface the violation as warning-level policy enforcement |
| `Block`   | Surface the violation as blocking policy enforcement      |

The effective mode may come from the policy itself, a policy binding, a rule-level setting, or an override.

## SLA timing

Policies can define SLA actions with a duration such as `7d`. Violations created by those policies can include:

* First seen time
* Last seen time
* Due time
* Remaining seconds
* Resolved time

When SLA policy columns are enabled in vulnerability views, SLA status summarizes whether matching vulnerabilities are inside or outside the configured remediation window.

## Exceptions

Policy violations can be handled with exceptions:

| Exception     | Effect                                                            |
| ------------- | ----------------------------------------------------------------- |
| Waiver        | Records a waiver for the policy violation target                  |
| Accepted risk | Records that the risk is accepted for the policy violation target |

Exceptions can include a reason and optional expiration date. Removing an exception refreshes the violation status when the violation still exists.

## Snoozes

When snoozes are enabled, policy violations can be snoozed, approved, rejected, canceled, or cleared through the policy violation workflow.

See [Snoozes](/vulnerability-management/snoozes) for approval, limits, scope overrides, and user actions.

## API access

API keys with `policy-violations:read` can list and retrieve policy violations. List filters include repository, ref, status, enforcement mode, policy, target type, limit, and cursor.

See [API keys](/security-access/api-keys) for key scope details.

## Related docs

* [Policies](/policies/overview)
* [Vulnerability list view](/vulnerability-management/vulnerability-list-view)
* [Snoozes](/vulnerability-management/snoozes)
* [API reference](/api-reference)
