Conversation
Customers failing an evidence item because of an intentional finding (e.g. an S3 bucket that must stay public for a static website redirect) had no way to accept it — the task stayed failed with no route to resolve it. The exception mechanism already existed end to end: FindingException rows keyed (connection, check, resource) are honored by both task run paths and the task run display. What was missing was a way to create/revoke them from the evidence item view. - app: failing check results on a task now offer "Mark out of scope" (captures a documented reason via the shared MarkExceptionModal, moved to components/integrations with copy overrides); excepted results show the reason and offer "Move back in scope" (revoke) - app: after a scope change the check re-runs automatically so the task status updates immediately - api: task check runs response now carries exceptionId + exceptionReason on excepted results (ActiveExceptionSet optionally carries metadata) - actions gated by integration:update, matching the endpoints
…t-of-scope-aws-access
- re-run guard now only skips when the SAME check is in flight — a run of a different check doesn't recompute this one, so it must not suppress the re-run after a scope change - findings and out-of-scope lists are expandable beyond the first three sampled rows, so every sampled resource is markable/revocable - the reason field label follows the surface copy (out-of-scope wording on evidence items) via a reasonLabel override
…rk-resources-out-of-scope-aws-access feat(app): mark evidence check resources out of scope
|
The latest updates on your projects. Learn more about Vercel for GitHub.
1 Skipped Deployment
|
…rols (#3433) ## Problem Statement of Applicability locks all ISO 27001 §7 (physical security) controls to "Not Applicable" for remote orgs, preventing edits. But some §7 controls genuinely apply to remote companies like clear desk policies for home workstations, off-premises asset security, and secure equipment disposal. Users can't mark these as applicable even though they should be audit-relevant. ## Root cause The remote org detection blankets the entire §7 section with a lock. The logic treats all physical security controls as inapplicable for fully-remote orgs, but controls 7.7, 7.9, 7.10, and 7.14 deal with endpoint security and offboarding rather than on-premises facilities. ## Fix Narrow the auto-lock to only premises-bound controls (7.1 7.6, 7.8, 7.11 7.13). Leave endpoint and off-premises controls (7.7, 7.9, 7.10, 7.14) editable. Updated the control classification check in the SoA service to distinguish between physical premises and remote-applicable controls. Screen and PDF export remain in sync. ## Explicitly NOT touched - The remote org detection itself - Controls outside §7 - The PDF export logic (kept in sync with screen state) ## Verification ✅ Remote org §7 premise controls (7.1 7.6, 7.8, 7.11 7.13) remain locked ✅ Remote-applicable controls (7.7, 7.9, 7.10, 7.14) are now editable ✅ Edit icons appear for previously locked rows ✅ PDF export matches screen state ✅ Non-remote orgs unaffected
Contributor
|
🎉 This PR is included in version 3.104.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.
Summary by cubic
Lets users mark evidence-task check results “out of scope” (with a reason) and revoke them later, and fixes SoA behavior for ISO 27001 §7 on fully remote orgs so saved answers remain editable and exports match the screen. Addresses CS-719 and CS-749.
New Features
MarkExceptionModaltocomponents/integrationswith copy overrides for out-of-scope; added tests for run history and modal.ActiveExceptionSetcarries metadata (id,reason);loadActiveExceptionSetselects and returns it.exceptionIdandexceptionReasonon excepted results.Bug Fixes
Written for commit 024ced4. Summary will update on new commits.