Skip to content

Triage Policy

Triage policies decide which findings are actionable — filtering out noise before ticket generation.

Expected Output

{
  "apply": true,
  "suggested_status": "confirmed",
  "filter_reasons": [],
  "matched_rules": []
}
Field Type Description
apply boolean Whether to act on this finding
suggested_status string Suggested finding status
filter_reasons string[] Why a finding was excluded
matched_rules string[] Which Rego rules matched

When It Runs

  • After every scan completes (post-processing)
  • During Jira ticket generation (preview funnel)

Example: Filter by severity and CWE

package mayo.k.triage

default result := {"apply": false, "filter_reasons": ["below threshold"]}

result := {"apply": true, "suggested_status": "confirmed"} if {
    input.finding.severity == "critical"
}

result := {"apply": true, "suggested_status": "confirmed"} if {
    input.finding.severity == "high"
    input.finding.cwe_id != null
}