Finding States

Learn what finding states mean.

We move the pentest to Closed once you’ve resolved all findings. Until then, the pentest is in Remediation.

You can filter findings by their state on the Findings tab of the pentest page.

Filter findings by state

Finding State	Description
Triaging	Potential vulnerability that pentesters triage and validate after posting.
Pending Fix	Pentesters validated the finding and assigned a severity level to it based on the likelihood of occurrence and business impact. You can now: Fix the finding and submit it for retest. If the issue persists after the retest, pentesters move the finding back to Pending Fix. Mark the finding as Accepted Risk.
Ready for Retest (Retest)	You fixed the finding internally and submitted it for retest. Pentesters retest the finding and then change its state to: Fixed, if they can’t reproduce the issue. Pending Fix, if the issue persists. Read the pentester’s comment for details.
Resolved	This includes three states: Fixed: After you submitted the finding for retest, pentesters verified that you fixed the issue internally. They couldn’t reproduce the issue. Accepted Risk: You accepted the finding as a low risk. Carried Over: Finding that you haven’t fixed during the previous pentest for the same asset. When you launch a new pentest, we create a finding in the Carried Over state. In the previous pentest, the finding always appears as Carried Over even if you fixed it in the next pentest. This status does not apply to In-House Pentests.

If you’re an In-House Pentester who works on an In-House Pentest, you see additional statuses:

Draft: You saved a finding as a draft.
Declined: After triaging a finding, you decline it because it’s not a vulnerability.
Out of Scope: The vulnerability is out of scope for this pentest.
Duplicate: The vulnerability already exists on the pentest.

Last modified November 14, 2024