Triage

Work the findings inbox: filter, expand, decide, and snooze.

The findings inbox

Triage lives at /dashboard/findings. It's the global view across every library you own — not per-library — so you can work the queue without context-switching.

Filter the queue

The toolbar at the top supports three filters that compose:

  • Status — Open (default), Accepted, Dismissed, Snoozed. Snoozed findings auto-return to Open once the snooze date passes.
  • Severity — CRITICAL / HIGH / MEDIUM / LOW / UNKNOWN. Multiple values are OR-ed.
  • Library — narrow to a single library when you only want to look at one service.

A search box at the top filters on package name and OSV id, so CVE-2024-12345 or lodash jumps you straight to the right rows.
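The three toolbar filters and the search box compose as AND conditions, with the severity values OR-ed among themselves, and a snooze that has expired is read as Open. The following Python is an added example of that filtering logic, not the dashboard's own code; the Finding fields, the sample rows and the OSV-EXAMPLE-* ids are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Finding:
    """One inbox row (field names are an assumption of this example)."""
    library: str
    package: str
    osv_id: str
    severity: str                      # CRITICAL / HIGH / MEDIUM / LOW / UNKNOWN
    status: str                        # Open / Accepted / Dismissed / Snoozed
    snoozed_until: Optional[date] = None


def effective_status(f: Finding, today: date) -> str:
    """Snoozed findings auto-return to Open once the snooze date passes.

    Assumption: the finding is back in Open on the snooze date itself.
    """
    if f.status == "Snoozed" and f.snoozed_until is not None and f.snoozed_until <= today:
        return "Open"
    return f.status


def filter_queue(
    findings: Iterable[Finding],
    today: date,
    status: str = "Open",
    severities: Optional[Iterable[str]] = None,
    library: Optional[str] = None,
    query: str = "",
) -> List[Finding]:
    """Apply the toolbar filters: they compose (AND); severity values are OR-ed."""
    wanted_sev = {s.upper() for s in severities} if severities else None
    q = query.strip().lower()
    rows = []
    for f in findings:
        if effective_status(f, today) != status:
            continue
        if wanted_sev is not None and f.severity.upper() not in wanted_sev:
            continue
        if library is not None and f.library != library:
            continue
        # Search box: case-insensitive substring match on package name or OSV id.
        if q and q not in f.package.lower() and q not in f.osv_id.lower():
            continue
        rows.append(f)
    return rows


# Constructed sample inbox; OSV-EXAMPLE-* ids are placeholders, not real advisories.
TODAY = date(2024, 6, 1)
SAMPLE_FINDINGS = [
    Finding("api", "lodash", "CVE-2024-12345", "HIGH", "Open"),
    Finding("api", "minimist", "OSV-EXAMPLE-0002", "MEDIUM", "Accepted"),
    # Snooze date is already in the past relative to TODAY: effectively Open again.
    Finding("worker", "lodash", "OSV-EXAMPLE-0003", "CRITICAL", "Snoozed", date(2024, 1, 15)),
    Finding("worker", "axios", "OSV-EXAMPLE-0004", "LOW", "Snoozed", date(2030, 1, 1)),
    Finding("web", "pillow", "OSV-EXAMPLE-0005", "UNKNOWN", "Dismissed"),
]


def queue_ids(**filters) -> List[str]:
    """OSV ids of the sample rows that survive the given toolbar filters."""
    return [f.osv_id for f in filter_queue(SAMPLE_FINDINGS, TODAY, **filters)]


if __name__ == "__main__":
    print("open:", queue_ids())
    print("critical/high:", queue_ids(severities=["CRITICAL", "HIGH"]))
    print("search:", queue_ids(query="CVE-2024-12345"))
```

Note that the expired snooze on the worker lodash row surfaces in the default Open view without anyone touching the row, which is the behaviour the Status filter description promises.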

Expand a row

Click any row to expand it. You'll see:

  • The dependency that produced the finding (ecosystem, package, resolved version) with a link to the library.
  • The OSV summary and references (advisory pages, fix versions where known).
  • Decision history — every prior status change with timestamp, reason, and who made it. Useful when you come back in three months and wonder "why did we accept this?"

Make a decision

The triage menu on each row offers four states:

  • Accept — "we know about this and it's fine." Optionally add a reason (e.g. not exploitable in our usage).
  • Dismiss — "this isn't a real issue for us" (false positive, not in our call path, etc.). Reason recommended.
  • Snooze — hide it until a date you pick. Snoozes always have a snoozed_until in the future; the validator rejects past dates.
  • Reopen — moves a previously decided finding back to Open.

Each decision is a single upsert keyed on (owner, dependency_id, osv_id), so changing your mind doesn't accumulate duplicate rows — there's exactly one current state per finding.

Where decisions show up

Decisions sync back automatically:

  • The open-findings list on the library detail page reflects the new status as soon as you save.
  • The posture hero on /dashboard recomputes the open count and the severity rollup chips.
  • The activity feed records each decision with a stable action key (decision.created, decision.updated) so weekly digest emails can reference it.

If you're triaging from outside the dashboard, the triage_finding MCP tool writes the same decision row, so inbox + Claude Code stay in sync.
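The decision write path described in "Make a decision" and "Where decisions show up" (one upsert per (owner, dependency_id, osv_id), a validator that rejects past snoozed_until values, a decision history with timestamp, reason and actor, and a decision.created / decision.updated action key for the activity feed) is sketched below as an added Python example. It is not the product's code: the in-memory DecisionStore, its method names and the sample owner, dependency id and actor names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, timezone
from typing import Dict, List, Optional, Tuple

OPEN, ACCEPTED, DISMISSED, SNOOZED = "Open", "Accepted", "Dismissed", "Snoozed"

# Triage menu action -> resulting finding status.
ACTIONS = {"accept": ACCEPTED, "dismiss": DISMISSED, "snooze": SNOOZED, "reopen": OPEN}

Key = Tuple[str, int, str]  # (owner, dependency_id, osv_id), the upsert key


@dataclass
class HistoryEntry:
    at: datetime
    status: str
    reason: Optional[str]
    actor: str


@dataclass
class Decision:
    status: str
    reason: Optional[str]
    snoozed_until: Optional[date]
    history: List[HistoryEntry] = field(default_factory=list)


class DecisionStore:
    """In-memory stand-in for the decisions table (assumed shape for this example)."""

    def __init__(self) -> None:
        self._rows: Dict[Key, Decision] = {}

    @staticmethod
    def validate(status: str, snoozed_until: Optional[date], today: date) -> None:
        """Snoozes must carry a future date; other states carry none."""
        if status not in ACTIONS.values():
            raise ValueError(f"unknown status {status!r}")
        if status == SNOOZED:
            if snoozed_until is None or snoozed_until <= today:
                raise ValueError("snoozed_until must be a date in the future")
        elif snoozed_until is not None:
            raise ValueError("snoozed_until only applies to Snoozed")

    def triage(self, owner: str, dependency_id: int, osv_id: str, action: str, actor: str,
               reason: Optional[str] = None, snoozed_until: Optional[date] = None,
               now: Optional[datetime] = None) -> str:
        """Upsert the single current state for the key; returns the activity action key."""
        status = ACTIONS[action]
        now = now or datetime.now(timezone.utc)
        self.validate(status, snoozed_until, now.date())
        key: Key = (owner, dependency_id, osv_id)
        row = self._rows.get(key)
        if row is None:
            row = Decision(status, reason, snoozed_until)
            self._rows[key] = row
            event = "decision.created"
        else:
            # Changing your mind overwrites the row instead of adding a second one.
            row.status, row.reason, row.snoozed_until = status, reason, snoozed_until
            event = "decision.updated"
        row.history.append(HistoryEntry(now, status, reason, actor))
        return event

    def status_of(self, key: Key, today: date) -> str:
        """Effective status: no row means Open; an expired snooze reads as Open."""
        row = self._rows.get(key)
        if row is None:
            return OPEN
        if row.status == SNOOZED and row.snoozed_until is not None and row.snoozed_until <= today:
            return OPEN
        return row.status

    def history(self, key: Key) -> List[HistoryEntry]:
        return list(self._rows[key].history) if key in self._rows else []

    def row_count(self) -> int:
        return len(self._rows)

    def open_count(self, finding_keys: List[Key], today: date) -> int:
        """What the posture hero would recompute: findings whose effective status is Open."""
        return sum(1 for k in finding_keys if self.status_of(k, today) == OPEN)


# Constructed fixtures for the walkthrough below.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
PAST_DATE, FUTURE_DATE, MUCH_LATER = date(2024, 1, 15), date(2024, 9, 1), date(2030, 1, 1)


def run_demo() -> dict:
    """Walk one finding through accept -> dismiss -> (rejected past snooze) -> snooze."""
    store = DecisionStore()
    key: Key = ("acme", 42, "CVE-2024-12345")
    other: Key = ("acme", 43, "OSV-EXAMPLE-0002")  # placeholder id, never triaged
    out = {}
    out["first"] = store.triage(*key, action="accept", actor="alice",
                                reason="not exploitable in our usage", now=NOW)
    out["second"] = store.triage(*key, action="dismiss", actor="bob",
                                 reason="not in our call path", now=NOW)
    out["rows"] = store.row_count()
    try:
        store.triage(*key, action="snooze", actor="alice", snoozed_until=PAST_DATE, now=NOW)
        out["past_snooze_rejected"] = False
    except ValueError:
        out["past_snooze_rejected"] = True
    out["third"] = store.triage(*key, action="snooze", actor="alice",
                                snoozed_until=FUTURE_DATE, now=NOW)
    out["history_len"] = len(store.history(key))
    out["status_now"] = store.status_of(key, NOW.date())
    out["status_later"] = store.status_of(key, MUCH_LATER)
    out["untouched"] = store.status_of(other, NOW.date())
    out["open_count"] = store.open_count([key, other], NOW.date())
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Because validation runs before the history append, a rejected past-dated snooze leaves neither a row change nor a history entry behind, so the decision history only ever records states that were actually saved.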