Skip to main content
availability

Package: Invicti AppSec Core (on-demand)

Configure target issue assignees

Issue assignee configuration controls who receives vulnerability findings when issues are created in your issue manager for a specific target. Properly configuring assignees ensures that the right team members are notified and responsible for remediation.

Prerequisites

Before configuring issue assignees, ensure you have:

  • Activated issue managers under Integrations (see Integrations overview)
  • Added and configured issue managers for your target

Steps to configure issue assignees

  1. Select Targets from the left-side menu.
  2. Click the target name to open the target dashboard.
  3. Select the Settings tab > Issue assignment.
  4. Configure the assignee options:
    • Committer when the committer is known: when enabled, Invicti AppSec first attempts to assign issues to the committer found on the software development platform. If the attempt fails, the issue falls back to the user specified in the Specific user field.
    • Specific user: select the user to whom issues are assigned when the committer of the vulnerability is unknown. The user must be a licensed Invicti AppSec user to appear in the dropdown.
  5. Click Save at the bottom of the page to apply the configuration.

Issue assignment hierarchy

When multiple assignee options are configured, Invicti AppSec follows this priority order:

  1. Committer of the vulnerability: assigned when the committer is known and the option is enabled.
  2. Specific user: the user selected under Issue assignment in target settings.
  3. Issue responsible for the team: the user assigned as issue responsible within the team owning the target.
  4. Token owner: if none of the above apply, the issue is assigned to the token owner generated on the issue manager.
info

The assignment hierarchy only applies when all options are configured. Each level acts as a fallback when the previous level cannot be resolved.

Set up custom criteria

You can create custom criteria to control which vulnerability types automatically generate issues in your issue manager.

To set up custom criteria:

  1. Navigate to the target's Settings tab > Issue assignment.
  2. In the Issue manager, open the Automation tab.
  3. Click +Add custom criteria to open the criteria modal.
  4. Define your criteria using the available dropdowns:
    • Field
    • Operand
  5. Combine multiple conditions using AND statements to create specific rules.
  6. Click Save to apply the criteria.
  7. The saved rule appears in the issue criteria table. From here you can edit (pencil icon), delete (trash bin icon), or duplicate (copy icon) the rule.
  8. You can also import globally defined presets by clicking Import Global Preset.
  9. Click Save at the bottom of the page to apply your configuration.
tip

Use combined conditions to target specific vulnerability types — for example, create criteria that open issues only for Critical and High severity vulnerabilities discovered by a specific scanner.

Automatic issue closure

When a vulnerability's status transitions to Closed in Invicti AppSec, the platform automatically attempts to close the associated issue in the issue manager. If the initial attempt fails, Invicti AppSec runs a scheduled daily retry at 12 AM.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?