Reference: Statuses and Severities
This page provides a quick reference for all status values and severity levels used throughout SilentBolt.
Finding Severity Levels
| Level | Badge Color | Numeric Range | Description |
|---|---|---|---|
| critical | Red | 90–100 | Actively exploitable with high business impact. Requires immediate action. |
| high | Orange | 70–89 | Significant risk. Should be addressed urgently within days. |
| medium | Yellow | 40–69 | Moderate risk. Plan for remediation in normal sprint cycles. |
| low | Blue | 10–39 | Minor risk. Address when convenient or during refactoring. |
| info | Gray | 0–9 | Informational only. No direct security risk, but worth awareness. |
Technical Severity vs. Effective Severity
- Technical severity: the raw level from the detection tool/template. Immutable.
- Effective severity: adjusted by governance status. Accepted risk and false positive findings have reduced effective severity.
Finding Governance Statuses
| Status | Meaning | Effect on Effective Severity |
|---|---|---|
| open | Newly discovered or awaiting triage | No adjustment |
| in_progress | Under active investigation or remediation | No adjustment |
| false_positive | Not a real vulnerability | Reduced to info |
| accepted_risk | Real issue, risk accepted (requires expiry date) | Reduced |
| resolved | Remediated and verified | Reduced to info |
| reopened | Previously resolved, reappeared in a later scan | No adjustment |
For full governance lifecycle details, see Finding Governance.
Scan Statuses
| Status | Description | Terminal? |
|---|---|---|
| queued | Scan created; waiting in the job queue | No |
| running | Scan pipeline actively executing | No |
| done | All pipeline phases completed successfully | Yes |
| failed | An unrecoverable error occurred | Yes |
| canceled | Manually canceled by a user | Yes |
Orchestration Session Statuses
| Status | Description | Terminal? |
|---|---|---|
| draft | Session created; no test types selected | No |
| preparing | AI generating tool configurations and workflow | No |
| ready | Workflow prepared; ready for execution | No |
| running | Tools executing sequentially | No |
| completed | All steps finished successfully | Yes |
| failed | One or more steps failed | Yes |
| canceled | Manually canceled by a user | Yes |
Orchestration Step Statuses
| Status | Description |
|---|---|
| pending | Step created; not yet started |
| running | Container executing |
| completed | Tool finished successfully |
| failed | Tool returned an error |
| skipped | Step was skipped (e.g., due to session cancellation) |
AI Review Statuses
| Status | Description |
|---|---|
| queued | Review task enqueued; waiting to be processed |
| running | AI is analyzing findings |
| completed | All findings analyzed; suggestions available |
| failed | AI error or timeout during analysis |
AI Review Suggested Actions
| Action | Meaning |
|---|---|
| keep_open | Leave the finding open for manual investigation |
| false_positive_candidate | AI believes this is likely a false detection |
| accept_risk_candidate | AI suggests accepting the risk (requires expiry date via governance) |
| resolve_candidate | AI suggests the finding may be ready to resolve |
| set_in_progress_candidate | AI suggests moving to in-progress for investigation |
| needs_manual_review | AI cannot confidently triage; requires human judgment |
Drift / Change Types
| Label | Meaning |
|---|---|
| new | Finding not present in baseline or previous scan |
| changed | Finding existed previously but attributes changed (e.g., severity) |
| resolved | Finding was present before but absent in current scan |
| regression | Finding was previously resolved but has reappeared |
Domain Statuses
Verification Status
| Status | Meaning |
|---|---|
| pending | Domain added; verification not yet attempted |
| verified | Ownership confirmed via DNS TXT or email |
Authorization Status
| Status | Meaning |
|---|---|
| pending | Domain verified but not yet approved for scanning |
| approved | Admin has authorized scanning |