In order to streamline the vulnerability management process and allow users to focus on actionable data, API Attack Surface Management (AASM) now automates the evaluation and updating of discovered Security Issues after each scan. Here’s how it works:

• After every scan, AASM compares the new scan results with the current state of each Security Issue.
• If the scan job completes successfully and changes are detected in the findings, the relevant Security Issue may be automatically closed or reopened.
• Each status update is logged in the Status History of the Security Issue.
• A comment is added to explain the reason for the change.

Possible closure reasons include:

• Port not found during last scan — the previously open port is now closed.
• Network service has changed — e.g., the service on the port changed, for example from SSH to HTTP.
• New version of the product detected — indicating a product upgrade.
• Vulnerable version no longer present — the outdated component has been removed
• Vulnerability not detected during last scan — the issue is no longer observable.

This feature automates and simplifies vulnerability management by updating issue statuses based on scan results, reducing manual effort and ensuring accurate, real-time tracking of security risks.

Additional information is available in the documentation.