Import remediations from source to target product version

We are currently working on this feature and it should be available in our next release.

Speed up your vulnerability remediation process by importing existing remediation statuses from another product version. The import remediations feature allows you to carry forward CycloneDX and VEX remediation statuses from a source product version to your target product version, helping you avoid duplicate remediation work. Importing remediations helps maintain consistency across product versions while reducing the time needed to assess and remediate vulnerabilities.

Overview

You can import remediations in two ways:

  • Import for specific vulnerabilities: Select vulnerabilities first, then import remediations only for those selected items from the source version you select.

  • Import all available remediations: Import remediations for all previously remediated vulnerabilities from the source version you select.

Both approaches allow you to select which vulnerability remediations to carry forward and provide real-time feedback during the import process.

Import remediations for selected vulnerabilities

Use this approach when you want to import remediations for specific vulnerabilities you've already identified.

  1. On the Vulnerabilities page, select the vulnerabilities for which you want to import remediations by checking the boxes next to each vulnerability.

  2. Click Import remediations.

  3. In the Import remediations modal, select the source product version from which you want to import remediation statuses.

  4. Review the vulnerabilities table, which displays shared vulnerabilities between your selected items and the source version:

    • Vuln ID: The vulnerability identifier

    • CVSS v3: The CVSS v3 base score (CVSS v2 is hidden by default but can be displayed)

    • Rescore: Your custom rescore for this vulnerability

    • Exploitability: Exploitability assessment information

    • EPSS: Exploit Prediction Scoring System likelihood

    • CycloneDX status: Current CycloneDX remediation status

    • VEX status: Current VEX remediation status

    • Actions: Contains a Details button to open the vulnerability details modal

  5. Select the remediations you want to import by checking the boxes next to each vulnerability. You can only select whole remediation statuses (not individual status types like CycloneDX only).

  6. Click Confirm import of x remediations.

  7. In the confirmation modal, click Apply x remediations to proceed. This will display a processing modal, as detailed in Processing and completion.

Import all available remediations

Use this approach to import remediations for all previously remediated vulnerabilities from another version.

  1. On the Vulnerabilities page, click Import remediations without selecting any specific vulnerabilities.

  2. In the Import remediations modal, select the source product version from which you want to import remediation statuses.

  3. Review the vulnerabilities table, which shows all vulnerabilities that have been remediated to any status in the source version:

    • Target vuln ID: The vulnerability identifier in your current version

    • CVSS v3: The CVSS v3 base score (CVSS v2 is hidden by default but can be shown)

    • Rescore: Your custom rescore for this vulnerability

    • Exploitability: Exploitability assessment information

    • EPSS: Exploit Prediction Scoring System likelihood

    • CycloneDX status: Current CycloneDX remediation status

    • VEX status: Current VEX remediation status

    • Actions: Contains a Details button to open the vulnerability details modal

  4. Select the remediations you want to import by checking the boxes next to each vulnerability.

  5. Click Confirm import of x remediations.

  6. In the confirmation modal, review your selection and click Apply x remediations to proceed. This will display a processing modal, as detailed in Processing and completion.

Processing and completion

After clicking Apply x remediations, the import process begins:

Processing indication

  • A processing modal displays with a progress bar showing the import status.

  • You can close the processing modal at any time; the import will continue in the background.

  • When you close the modal, you'll see a processing indicator in the filters toolbar.

  • A toast notification confirms that remediations are being applied.

  • A toast notification informs you when all remediations have been applied.

Important: Do not close or refresh the page.

View updated statuses

After the import completes, you can see the imported remediations reflected in:

  • CycloneDX status column: Shows updated CycloneDX remediation statuses

  • VEX status column: Shows updated VEX remediation statuses

The imported statuses will now appear for the selected vulnerabilities in your current product version.

Tips for effective remediation imports

  • Choose the source version with the most shared vulnerability remediations: Select a source version that shares the most vulnerabilities with your target version for maximum efficiency.

  • Review before applying: Always review the vulnerabilities and statuses before confirming the import.

  • Monitor progress: Keep track of the processing indicator to know when the import is complete.

  • Verify results: After completion, review the updated CycloneDX and VEX status columns to confirm the import was successful.
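To support the "Review before applying" tip, the following added example (not the product's own code) previews which remediation statuses are shared between a source and a target version and flags entries where the target already holds a different status. It assumes each version's vulnerabilities are available as CycloneDX JSON with an `analysis.state` field; the sample documents, placeholder vulnerability IDs, and function names are constructed for illustration.

```python
import json

# Constructed sample data: minimal CycloneDX-style documents for two versions.
SOURCE = json.loads("""{"vulnerabilities": [
  {"id": "CVE-0000-0001", "analysis": {"state": "not_affected",
                                       "justification": "code_not_reachable"}},
  {"id": "CVE-0000-0002", "analysis": {"state": "resolved"}},
  {"id": "CVE-0000-0003", "analysis": {"state": "exploitable"}},
  {"id": "CVE-0000-0004"}
]}""")
TARGET = json.loads("""{"vulnerabilities": [
  {"id": "CVE-0000-0001"},
  {"id": "CVE-0000-0002", "analysis": {"state": "in_triage"}},
  {"id": "CVE-0000-0005"}
]}""")


def index_by_id(doc):
    """Map vulnerability ID -> analysis block (None if never assessed)."""
    return {v["id"]: v.get("analysis") for v in doc.get("vulnerabilities", [])}


def preview_import(source, target, selected=None):
    """List shared vulnerabilities that carry a status in the source version.

    `selected` (hypothetical parameter) limits the preview to chosen IDs,
    mirroring the "selected vulnerabilities" workflow; None means all.
    """
    src, tgt = index_by_id(source), index_by_id(target)
    rows = []
    for vid in sorted(src.keys() & tgt.keys()):  # shared between versions
        if selected is not None and vid not in selected:
            continue
        incoming = (src[vid] or {}).get("state")
        if incoming is None:  # nothing was remediated in the source version
            continue
        current = (tgt[vid] or {}).get("state")
        rows.append({
            "id": vid,
            "current": current,
            "incoming": incoming,
            # Flag for manual review: target already has a different status.
            "differs_from_current": current is not None and current != incoming,
        })
    return rows


if __name__ == "__main__":
    for row in preview_import(SOURCE, TARGET):
        print(row)
```

Rows with `differs_from_current` set are the ones to open in the Details view before confirming, since a status assessed for the source version may not hold for the target.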
