Your First Finding-to-Fix Cycle
Walk through the complete remediation cycle from scanner import to verified closure.
This guide walks you through Basirah’s complete remediation cycle — from viewing an imported finding through verified closure.
Review imported findings
After your first scanner sync completes, browse the findings list. Filter by severity, source scanner, or affected asset to locate a finding you’d like to remediate. Each finding shows its normalized severity, CVE references, and the asset where it was detected.
Create a work item
Select one or more related findings and create a work item. Assign an owner, and Basirah will apply an SLA deadline based on severity. If the findings share the same root cause (e.g., a vulnerable package on one host), group them into a single work item.
Dispatch to your ticketing system
Optionally dispatch the work item to Jira, ServiceNow, or another connected ticketing system. Basirah creates the external ticket and keeps status in sync bidirectionally — changes in either system are reflected in the other.
Apply the fix
Remediate the vulnerability in your environment. The SLA clock is running, and Basirah will send escalation notifications as the deadline approaches.
Trigger verification
Once the fix is applied, move the work item to pending verification. Basirah triggers a re-scan through the original scanner and checks whether the vulnerability is still present. If it’s gone, the work item closes as verified. If it persists, the item reopens with a fresh SLA deadline.
Review the evidence package
After verified closure, Basirah automatically generates an evidence package — a timestamped bundle of the full remediation trail. You can export it for audit purposes or review it in the platform.