Urgency is integrated throughout Application Security and ASPM in the tenant. It is supported for issues identified by periodic scanners across CVE Vulnerabilities, Secrets, IaC Misconfigurations, and Code Weaknesses.
ASPM Command Center
Urgency is the prioritization engine that powers the ASPM Command Center issue funnel. The Command Center displays Urgency distribution across all supported scanner categories (Vulnerabilities, IaC Misconfigurations, Secrets, and Code Weaknesses), enabling AppSec Managers to assess the organization's risk posture.
What Urgency delivers to the Command Center:
Issue funnel prioritization: Urgency classification determines the order in which issues appear in the Command Center issue funnel. Top Urgent issues surface first, ensuring that governance attention focuses on the highest-risk findings.
SLA tracking by Urgency tier: The Command Center measures remediation compliance against SLA targets defined per Urgency level. AppSec Managers monitor whether Top Urgent and Urgent issues are remediated within the defined time windows.
Systemic risk identification: A high concentration of Top Urgent issues in a specific scanner category or application indicates a systemic gap. AppSec Managers use Urgency distribution to determine whether the situation requires a prevention policy, such as blocking the vulnerability pattern at PR or CI scan, rather than individual issue remediation.
Remediation delegation: Urgency classification drives the delegation workflow from AppSec Managers to AppSec Practitioners. Top Urgent issues receive immediate delegation, and Not Urgent issues are scheduled for maintenance cycles.
Application Security Dashboard
Urgency is visible through the Open Issues by Urgency and Scan type widget. To access, navigate to → .
Issues tables
The dedicated Application Security Issues tables display Urgent issues.
Filter by Urgency: Filter the issues table to display only Urgent and Top Urgent issues: Select the → to display only high-priority issues. Alternatively, use the filter query parameter: Urgency=URGENT,TOP_URGENT
Sort by Urgency: Sort the issues table by Urgency to display the highest-priority issues first, either using the Urgency column header or through the filter query: sortBy=urgency&order=desc
Tip
Combine Urgency filters with scanner type filters to focus on the highest-risk issues for a specific scanner category (for example, Top Urgent vulnerability issues or Urgent secrets issues).
Issues side-card
The Overview tab of an issue side panel displays an Urgency Details section, including all contributing metrics with labels, descriptions, and values. A code-to-cloud graph displays where the Urgency context was detected across your software development lifecycle.
Urgency level badge: The current Urgency classification (Top Urgent, Urgent, Not Urgent, or N/A) displayed as a color-coded badge
Contributing metrics: All metrics that contributed to the Urgency classification, displayed with their labels, descriptions, and current values. Metrics are displayed in the order defined by the Urgency field metadata used to calculate the Urgency score.
Note
The EPSS Score, CVSS Score, Exploit Maturity, Exploit Availability, Fixable, Is Deployed, Visibility, and Validation metrics are displayed even when the value is false or zero. Other metrics are displayed only when the value is present and non-null.
For more information about Urgency metrics, refer to Urgency metrics.
Stale indicator: A warning message displayed when the Urgency calculation is older than 12 hours relative to the issue's last update. Stale Urgency indicates that the classification may not reflect the current state of the issue. The Urgency engine recomputes the classification during the next periodic scan.
Always-displayed metrics: Certain metrics are always displayed regardless of their value. For vulnerability issues: EPSS Score, CVSS Score, Exploit Maturity, Exploit Availability, Fixable, and Is Deployed. For secrets issues: Visibility, Validation, and Is Deployed. These always-displayed metrics provide consistent context for every issue.
Calculation failed message: A message displayed when Urgency is Not Applicable on a periodic scan, indicating that the Urgency engine will retry during the next periodic scan.
References
For more information about investigating and remediating issues using Urgency alongside other security metrics, categorized by scanner type, refer to:
CVE vulnerabilities: Investigate and remediate CVE vulnerability issues
IaC misconfiguration: Investigate and remediate IaC misconfiguration issues
Code weaknesses: Investigate and remediate code weakness issues