Work Items & SLA Governance
How remediation work is tracked, dispatched, and held to SLA deadlines.
A work item is the unit of remediation — it turns vulnerability findings into an assigned, tracked, and deadline-governed task.
What a work item tracks
Each work item carries an assignee, a severity level inherited from its findings, an SLA deadline, and an optional link to an external ticket in Jira, ServiceNow, or Linear. One work item can group multiple related findings when a single fix resolves all of them.
SLA governance
Basirah assigns SLA deadlines based on severity. Your organization configures the deadline for each severity level through SLA policy settings. The SLA clock starts when a work item is assigned and pauses if work is blocked or under an approved exception. Time already elapsed before a pause is preserved — the clock doesn’t reset.
When deadlines approach or are breached, Basirah sends escalation notifications through your configured channels (email, Slack, or Microsoft Teams).
If verification fails — meaning the scanner still detects the vulnerability after a fix — the work item reopens with a fresh SLA deadline. The original elapsed time doesn’t carry over.
Dispatch to external trackers
Work items don’t replace your ticketing system — they sit above it. When you dispatch a work item, Basirah creates a corresponding ticket in the target system. Status changes flow in both directions: when someone transitions a Jira ticket to “Done”, Basirah moves the work item to pending verification. When Basirah verifies a fix, it can push the status back to the external tracker.
Supported ticketing targets include Jira Cloud, Jira Server/Data Center, ServiceNow, Azure DevOps, Linear, and GitHub Issues.