---
title: "Issues"
---

((Issues)) let you group one or more vulnerabilities together for tracking, prioritization, and remediation. An issue captures a point-in-time **snapshot** of every (vulnerability, asset) pair it contains so that the original context is preserved even if the asset or vulnerability later changes.

Use issues to:

- Roll several related vulnerability instances up into a single unit of work.
- Assign a risk level, state, and due date and track progress over time.
- Record decisions and discussion in a per-issue timeline.
- Push the issue out to Jira as an external ticket and keep the runZero timeline in sync via a [Jira webhook](docs/jira.md).

## What is an issue

Each issue has the following fields:

- **Name** &mdash; a short label that identifies the issue.
- **Description** &mdash; longer free-form context about the issue.
- **Remediation** &mdash; remediation guidance for the people doing the work.
- **Risk** &mdash; one of `none`, `low`, `medium`, `high`, or `critical`. The default is the highest risk found across the issue's vulnerabilities at creation time.
- **State** &mdash; one of `open`, `in progress`, `closed`, or `resolved`. As long as the state is not `closed`, `resolved` is set automatically by runZero when all instances have been remediated (see [Automatic remediation tracking](#automatic-remediation-tracking) below), or it can be set via a [Jira webhook state mapping](docs/jira.md#state-mapping-and-bidirectional-sync).
- **Due date** &mdash; optional target date for resolving the issue.
- **Instances** &mdash; the (vulnerability, asset) pairs captured in the snapshot.

## Creating an issue

You can create issues from anywhere in the runZero Console that shows vulnerabilities or groups of vulnerabilities:

- The [vulnerability groups inventory](docs/search-query-vulnerability-groups.md)
- The [findings inventory](docs/understanding-findings.md)
- The [vulnerabilities by asset inventory](docs/search-query-vulnerabilities.md) table.
- The [findings] 
- The vulnerabilities card on an [asset](docs/understanding-assets.md) details page.
- The vulnerabilities table on a [findings](docs/em-findings.md) details page.
- The vulnerabilities table on a [certificate](docs/certificates-inventory.md) details page.
- A [vulnerability](docs/understanding-findings.md) details page.

Select one or more vulnerabilities and click **Create issue**. You will be taken to a draft issue where you can edit the name, description, solution, risk, and due date before saving. Once saved, the issue is added to the [Issues page](https://console.runzero.com/issues/) for the current organization.

A snapshot of each selected vulnerability and its asset is stored on the issue at creation time. This means the issue keeps showing the original instance details even if the underlying asset is later modified, deleted, or rescanned.

## Working with an issue

The issue details page is split into three sections:

- **Header** &mdash; name plus quick-edit risk, state, and due date.
- **Summary** &mdash; description and remediation guidance.
- **Instances** &mdash; the table of vulnerabilities captured in the snapshot, with a slideout with vulnerability and snapshotted asset details. Instances whose vulnerability has since been remediated are flagged.
- **Comments** and **History** tabs &mdash; the issue timeline (see below).
- **Sidebar** &mdash; risk, state, due date, and the linked Jira ticket, if one has been created.

### Comments and history

The issue timeline records three kinds of entries:

- **User events** including changes to the issue fields and comments authored by a runZero user from the **Comments** tab.
- **System events** that runZero generates automatically (state changes, ticket creation, and similar actions).
- **Jira events** that arrive via the [Jira webhook](docs/jira.md#configuring-the-jira-webhook), one timeline line per changelog item on the linked ticket.

The **Comments** tab shows comments only; the **History** tab shows everything in the timeline.

## Automatic remediation tracking

Whenever a scan, import, or integration import finishes for an organization, runZero recomputes the **remediated instances** counter for every non-closed issue in that organization. An instance is considered remediated when the original vulnerability is no longer present on the original asset.

If the state has been set to `closed`, runZero will not recomputed the remediated instances and will not make any automated changes to the state.

When every instance on an issue has been remediated, runZero automatically transitions the issue to the `resolved` state.

If an issue is in the `resolved` state and one or more of its vulnerabilities are later detected on the original asset again, runZero automatically moves the issue back to `in progress` to alert you to the regression.

## Linking a Jira ticket

You can push an issue out to Jira as an external ticket by frist creating a [Jira credential](docs/jira.md#creating-the-jira-credential). The Issues page sidebar shows a **Create Jira ticket** action that allows you to select the Jira credential and optionally upload a CSV of the issue's instance snapshot as a Jira attachment. After the ticket is created, the runZero issue stores the Jira issue key, a deep link to the ticket, and the credential and Jira base URL used. See the [Jira integration](docs/jira.md) page for full details.

## Permissions {#issue-permissions}

- **Viewing** issues requires read access to the organization the issue belongs to.
- **Creating, editing, and deleting** issues requires write access to that organization.
- Issues are not visible from the **All organizations** view; switch into a specific organization to use the Issues page.