Verification
How Basirah confirms remediation through independent re-scan, not just ticket closure.
Verification confirms — through a fresh scanner re-scan — that a remediated vulnerability is actually gone from the affected asset.
Why verification matters
A ticket marked “Done” tells you someone believes they applied a fix. It doesn’t tell you whether the vulnerability is still present. Patches get applied to the wrong host, container images don’t get redeployed, config changes get overwritten by automation. Without independent confirmation, your vulnerability counts drop on paper while actual exposure stays flat.
Compliance frameworks increasingly expect evidence that corrective actions were validated, not just that tickets were closed. Verification produces exactly that.
How it works
When a work item reaches pending verification — either through a manual status change or a bidirectional sync from your ticketing system — Basirah triggers a re-scan through the original scanner. If the vulnerability no longer appears in the fresh scan results, the fix is confirmed. If it’s still there, verification fails.
Some scanners support on-demand targeted re-scans, which produce results in minutes to hours. For scanners that only provide periodic exports, Basirah checks the next scheduled sync for updated results.
When a work item groups multiple findings, each is verified independently. If three out of four are confirmed resolved but one persists, the work item stays open and the assignee knows exactly which finding still needs attention.
What happens when verification fails
The work item reopens with a fresh SLA deadline. An escalation notification goes to the assignee and any configured escalation contacts. The linked external ticket receives a comment noting the failure and the new deadline.
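The per-finding check and the failure handling described above, sketched in Python as an added example (not Basirah's code). All names, status strings and the 7-day SLA are hypothetical, and the "inconclusive" state for assets the re-scan did not cover is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical names throughout; none of these are Basirah identifiers.
@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str

def verify_work_item(findings, scanned_assets, rescan_hits, now, sla):
    """Judge each finding of a work item against a fresh re-scan.

    scanned_assets: assets the re-scan actually covered
    rescan_hits:    (asset, vuln_id) pairs the re-scan still reports
    """
    per_finding = {}
    for f in findings:
        if f.asset not in scanned_assets:
            # Example's assumption: a scan that never reached the asset
            # proves nothing, so absence is not counted as a fix.
            per_finding[f] = "inconclusive"
        elif (f.asset, f.vuln_id) in rescan_hits:
            per_finding[f] = "persists"
        else:
            per_finding[f] = "resolved"
    persisting = [f for f, s in per_finding.items() if s == "persists"]
    if persisting:
        status, deadline = "reopened", now + sla   # failure: fresh SLA deadline
    elif "inconclusive" in per_finding.values():
        status, deadline = "pending_verification", None
    else:
        status, deadline = "verified", None
    return {"status": status, "new_sla_deadline": deadline,
            "needs_attention": persisting, "per_finding": per_finding,
            "checked_at": now}                      # timestamp kept for evidence

# Constructed sample: four findings, three fixed, one still reported.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SLA = timedelta(days=7)
ITEM = [Finding("web-01", "VULN-A"), Finding("web-02", "VULN-A"),
        Finding("db-01", "VULN-B"), Finding("db-01", "VULN-C")]
SCANNED = {"web-01", "web-02", "db-01"}
HITS = {("db-01", "VULN-C")}

if __name__ == "__main__":
    result = verify_work_item(ITEM, SCANNED, HITS, NOW, SLA)
    print(result["status"], result["new_sla_deadline"].isoformat())
    for f, state in result["per_finding"].items():
        print(f"  {f.asset} {f.vuln_id}: {state}")
```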
Feeding into evidence
Verification results are recorded with timestamps and feed directly into evidence packages — providing auditors with scanner-confirmed proof that the vulnerability was resolved, not just that a ticket was closed.