Allowed values for vulnerability.status

The lifecycle state of a vulnerability finding on an asset. Use this field to distinguish between vulnerabilities that are currently present and those that have been remediated.

Integrations that consume incremental or delta APIs should map their vendor-specific status values to one of the allowed values below. Integrations that consume full-snapshot APIs (where every record represents a currently open vulnerability) should set this field to open. Full-snapshot sources never produce fixed records.

Allowed values

• open
• fixed
• reopened
• unknown

Vulnerability is currently present on the asset.

Vulnerability has been remediated and is no longer present on the asset.

Vulnerability reappeared on the asset after previously being fixed. From a filtering perspective this is treated the same as open, but it signals a regression that matters for SLA tracking.

The lifecycle state of the vulnerability cannot be determined. This is the appropriate value for full-snapshot integrations that do not provide lifecycle data, or when the source data does not include status information.