Abstract
Backlog represents pre-existing code issues discovered by a scanner's first run or by new rules.
In managing application security, it's crucial to distinguish between backlog issues and new issues. Backlog issues represent the security technical debt: vulnerabilities that existed in a code repository or branch before a security scanner's initial run, or that were uncovered by new scanner capabilities or rules. This collection defines a historical backlog point for a codebase. New issues are fresh vulnerabilities introduced into the codebase, typically through recent changes such as pull requests. This classification allows you to implement tailored security policies and prioritize remediation efforts more effectively.
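
One way to apply this split in a pull-request check, as an added example (not code from the original page or from any scanner): findings from a scan of the target branch are compared with findings from a scan of the pull request, both run with the same rule set, so issues surfaced by a newly added rule fall into the backlog. The `Finding` fields, the fingerprint scheme, the severity policy and the sample findings are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:            # hypothetical scanner output record
    rule_id: str
    path: str
    line: int
    snippet: str
    severity: str

def fingerprint(f: Finding) -> str:
    # Line number is left out so edits that only shift code do not
    # turn a backlog issue into a "new" one.
    normalized = " ".join(f.snippet.split())
    return hashlib.sha256(f"{f.rule_id}|{f.path}|{normalized}".encode()).hexdigest()

def classify(base, head):
    """Split findings on the PR head into (backlog, new) using the base scan."""
    remaining = Counter(fingerprint(f) for f in base)
    backlog, new = [], []
    for f in head:
        fp = fingerprint(f)
        if remaining[fp] > 0:      # already present before the change
            remaining[fp] -= 1
            backlog.append(f)
        else:                      # introduced by the change
            new.append(f)
    return backlog, new

def gate(backlog, new, block_at=("high", "critical")):
    """Assumed policy: block only on new high/critical issues; backlog is tracked."""
    blocking = [f for f in new if f.severity in block_at]
    return {"passed": not blocking, "blocking": blocking, "backlog": len(backlog)}

# Constructed sample data. "secret-in-source" stands for a rule added after the
# first scan; it fires on the base branch too, so its finding is backlog.
SQL = 'cur.execute("SELECT * FROM u WHERE id=" + uid)'
BASE = [Finding("sql-injection", "db.py", 40, SQL, "high"),
        Finding("secret-in-source", "config.py", 5, 'API_KEY = "example"', "critical")]
HEAD = [Finding("sql-injection", "db.py", 47, SQL, "high"),          # shifted by 7 lines
        Finding("secret-in-source", "config.py", 5, 'API_KEY = "example"', "critical"),
        Finding("sql-injection", "db.py", 60, SQL, "high"),          # second copy added by the PR
        Finding("xss", "views.py", 12, "return HttpResponse(name)", "medium")]

if __name__ == "__main__":
    backlog, new = classify(BASE, HEAD)
    print(gate(backlog, new))
```

Counting fingerprints rather than keeping a set means a pull request that adds a second copy of an existing vulnerable line is still reported as new.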