ASM Vulnerability Scan Status and Scanner Behavior

we are new to working with ASM and have encountered an issue related to a vulnerability in our application that was detected by EcoScanner. After collaborating with Atlassian support team, we created and deployed a patch for this vulnerability. We marked the ticket as “Pending Scanner Verification” right after it. However, it has remained in this status for several days now.

We’ve noticed that the Scan Timestamp is dated 28.10. (patch was deployed before this date), but the status has not changed. We have some questions:

  1. How can we determine whether the patch has resolved the problem, and what is the current status of the verification process?
  2. Does the scanner manage this automatically?
  3. Is it possible that the scanner is waiting for the Remediation Due Date to automatically verify the issue and close the ticket as “Patched” if the vulnerability is indeed fixed?

Thank you for your assistance.

1 Like

“Our automated scanner EcoScanner re-validates the vulnerability once everyday. The ticket will be automatically closed within 24 hours if the vulnerability has truly been remediated by the patch. If the AMS ticket is related to a Bug Bounty, please update the status on the submission, and the automation will sync the status, resolving the AMS ticket. However, if you notice that it’s not resolving after applying the patch, please leave a comment on the ticket with details on the fix and change the ticket status to ‘Atlassian Input Requested’ or ‘In Review’”

1 Like