When you create a Vulnerability Management Prevention policy, you also have the option to establish a remediation buffer period. Configuring a block grace period gives you additional time to resolve a vulnerability before the blocking action resumes.The grace period is based on the fix date of the vulnerability and allows you to override the blocking action of a policy when new vulnerabilities are detected. Follow the steps below to set up a block grace period:
Navigate to → → → .
Select an existing policy or create a new policy with the Add Policy button.
Add a Policy Name, Optional Description, and click Next.
Set the Policy Conditions and Policy Scope, as described under Create a vulnerabilty policy.
Select an Action that will be triggered when a finding matches the policy.
For Kubernetes Runtime protection, if you opt to Prevent new deployment requests, you can also select a block grace period, during which the preventive action will be suppressed. Enter a value in the Grace Period Days before Blocking Deployment field. The grace period begins on the fix publish date, or the date the vulnerability was published if a fix is not available. Blocking enforcement begins once the grace period has passed. Enter 0, to immediately start blocking action.
For Prevention Actions, if you opt toFail the build, you can also select a block grace period, during which the preventive action will be suppressed. Enter a value in the Grace Period Days before Failing the Build. Select Done to save your changes.