Skip to main content

1.7 Workflow Management

Once a report for an asset is generated, we can enter Workflow Management to track the resolution of vulnerabilities found.

1.7.1 User List

SourceGuard maintains a users list that can be looked up with sub in JWT.
Each user record contains an email address to send email notification to.
Email will be sent via the Notification Service.

1.7.2 Task

A Task is created from a vulnerability found for an asset. A Task must be assigned to a User to be resolved.
Depending on the vulnerability's risk, the default target date will set to according to different periods (configurable).
Once created, the same vulnerability found for the same asset should be tracked by the same Task.
Task does not need to be verified after resolution.

tip

Tentatively vulnerability on same asset tracking this is done by using (asset ID, vulnerability ID) as Task ID

Workflow Task State Diagram