> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Vulnerability lifecycle

> Statuses, resolutions, and how vulnerabilities move through triage.

## Statuses

These are the current workflow statuses for vulnerabilities.

| Status       | Meaning                                                                                                      |
| ------------ | ------------------------------------------------------------------------------------------------------------ |
| Open         | New vulnerability, not yet reviewed                                                                          |
| Confirmed    | Verified as a real issue                                                                                     |
| Needs Review | Requires human attention                                                                                     |
| In Progress  | Being worked on                                                                                              |
| In Review    | Fix submitted, under review                                                                                  |
| Resolved     | Final state for remediated vulnerabilities. Resolution required                                              |
| Closed       | Final state for Won't Fix, False Positive, Duplicate, or other non-remediation outcomes. Resolution required |

## Status notes

* When you move a vulnerability to **Resolved** or **Closed**, a resolution is required
* Available transitions depend on the current status
* A final vulnerability can be reopened manually only when Cysmiq still has an active location for it
* If all locations are fixed, future redetection by a scan is the path that reopens the finding
* Reopening a final status is tracked as a regression and shown in the vulnerability detail view

## Resolutions

Resolutions describe the outcome when a vulnerability is marked **Resolved** or **Closed**.

| Resolution       | Meaning                                                             |
| ---------------- | ------------------------------------------------------------------- |
| Fixed            | Issue was fixed                                                     |
| Won't Fix        | Accepted risk, will not fix                                         |
| False Positive   | Not a real issue                                                    |
| Duplicate        | Same as another vulnerability                                       |
| Cannot Reproduce | Unable to verify                                                    |
| Done             | Completed                                                           |
| Rejected         | System-only, set when analysis determines it is not a vulnerability |

## False positive workflow

Use this workflow when the development team confirms that a finding is invalid or does not represent an actionable vulnerability.

1. Open the vulnerability detail view.
2. In the **Status and resolution** sidebar control, choose **Closed**.
3. Choose **False Positive** as the resolution.
4. Add a comment with the decision context, such as the reviewer, evidence, or linked discussion.
5. Save the status change.

For bulk cleanup, select findings in the vulnerability list, choose **Change status / resolution**, then apply **Closed** with **False Positive**.

After the update, the vulnerability is tracked as **Closed** with resolution **False Positive**. The activity log records the transition and comment, filters can find the finding by status or resolution, and future redetection can reopen a final finding as a regression.

Use **Won't Fix** for real findings where the team accepts risk. Use vulnerability lifecycle resolution for finding validity decisions. Policy exceptions apply to policy violations such as SLA, package, manifest, or custom policy matches.

API triage exposes this workflow as the **Ignored** state. That state maps to **Closed** with resolution **False Positive**.

## Related docs

* [Vulnerability detail view](/vulnerability-management/vulnerability-detail-view)
