
Remediation Actions


Last updated 28 days ago

Steps to address a security incident or vulnerability

The documentation for each detector provides examples for addressing specific security issues, as well as recommended procedures for assessing the impact and resolving the issue.

Remediation Actions

Examples of remediation actions include revoking leaked secrets, modifying infrastructure playbooks or recipes and updating existing resources, hardening authentication or authorization settings for CI/CD tools, or fixing pipeline configurations.

Automatic Remediation

Xygeni provides mechanisms to automatically remediate certain kinds of issues.

See the following sections for further information on automatic remediation:

  • Open Source auto remediation

  • Secrets auto remediation

Handling Actions in Xygeni Dashboard

The Dashboard offers contextual remediation actions for each security issue or unusual activity alert. The common actions are:

  • Manage Issue: A basic handling workflow, for setting a status.

  • Create ticket: Opens a new ticket in the configured ticketing tool. Full information for the issue is rendered so the ticket can be created with minimal work.

  • Open Pull Request (PR): Opens a pull request in the configured Source Control Manager, with contextual information on the issue. Commits with changes to source or configuration files can be added to the branch, for automation, so that after review the pull request can be approved for merging into the target branch.

  • Disable Check: Deactivates the detector that reported the issue, possibly for all the policies that include it. This action is only available when the user's roles allow it. This is a quick way to remove detectors that do not apply to the organization, or that are creating issues that should be ignored systematically.

  • See in Inventory: Shows the asset where the issue was located in the SDLC Inventory.

  • Search Similar: Opens a view with issues similar to the selected one. Similarity is typically by the specific issue type across all projects. This helps to focus on fixing all of them by applying the recommended fix steps.

Internal Issue Management

The Xygeni platform provides a basic handling workflow that helps to trace each issue.

Please note that alternative handling might start by opening a ticket for the target issue or group of issues in your ticketing tool of choice, and then following your incident handling workflow in that tool.

In that case, you may leverage the provided "Create Ticket" action to open a new ticket in the external tool with the full issue information.

The Status field may take the following values:

  • Open: The initial status. The issue has not yet been handled.

  • Under review: The issue is under investigation.

  • Confirmed incident: The issue is a confirmed security problem, and should be fixed.

For unusual activity, additional states are available:

  • Incident closed: The problem was corrected, and any potentially harmful consequences related to the unusual activity were handled.

  • Normal business: Internally the issue will be "muted", applying to the current issue and the current scan.

Only for security issues (secrets, misconfigurations, bad components and IaC flaws):

  • Muted: False Positive. The issue is not legitimate. To report this as a bug, check "Create false positive ticket for Xygeni" to open a support ticket.

  • Muted: Accept the risk. The issue is acknowledged, but the risk is assumed instead of trying to fix the issue.

  • Muted: Other. When the issue needs to be silenced for other reasons.

To change the status of a given security issue, open the issue and click "Change Status", the button located under the project name header.

A dialog then opens with a selection box where you can change the status and provide any additional information about the reason for the change.

To change the status of several issues at once (bulk mode), first select the checkbox to the left of each issue you want to modify. Then, under the "Actions" tab, select the "Change Status" option.

Please note that the "Actions" tab is only active when at least one issue has been selected.

The remediation actions can be invoked from the Remediation Actions popup in the Dashboard.
