Updating Inventory Review and Remediation Settings for a Project

You can overwrite default settings that configure the automation of the review, remediation, and status notification processes for published inventory in your project. These settings, which work in conjunction with the set of policies in the project’s policy profile, are used to set up the following in your project:

•

The policy profile to associate with the project. The policies in the selected profile work in conjunction with the review, remediation, and notification configuration defined on this tab.

•

Automatic creation of manual review tasks for inventory items not reviewed by policy during publication performed as part of a scan. The tasks are automatically assigned to the default legal or security contact that you specify.

•

Automatic creation of remediation tasks and associated external work items for inventory that is rejected either automatically by policy or during manual publication by an analyst. The tasks are automatically assigned to the default engineering contact that you specify.

•

Automatic rejection of published inventory impacted by new vulnerabilities detected in the latest scan or Electronic Update.

•

The automatic generation of email notifications only (instead of assigned tasks), which are sent to the Project Contact as alerts concerning the rejected or non-reviewed published inventory items.

To update settings that automate review, remediation, and status notification processes for published inventory, do the following:

As the Project Administrator, navigate to the Summary tab (see Opening the Project Summary Tab).

From the Manage Project menu, Edit Project. The Edit Project window opens.

Select the Review and Remediation Settings tab.

Update the fields as needed. Refer Edit Project: Review and Remediation Settings Tab to for field descriptions.

Click Save to save the changes.