Vulnerability Remediation SLA

Scan Schedule

All container images are rescanned weekly (Monday 06:00 UTC) against the latest Grype vulnerability database. Scans also run on every pre-release build.

Remediation SLAs

Severity | Max Remediation Time | Criteria

Triage Process

When a scan identifies a new vulnerability:

  1. Assess — determine severity and whether the vulnerable code path is reachable
  2. Remediate — update the affected package within the SLA window
  3. Document — if not affected or mitigated, record a VEX statement which also suppresses the finding in future scans
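The three steps above as one runnable helper. This is an added example, not code from the policy page, from Grype or from the OpenVEX project. It assumes a finding shaped like one match from `grype -o json` (a constructed sample is embedded), an SLA table supplied by the caller (the day counts in `demo()` are hypothetical placeholders, not the policy's own values, which are not reproduced in this text), the OpenVEX 0.2.0 document layout, and placeholder CVE, package and image identifiers.

```python
"""Triage helper: assess, remediate within the SLA window, or document via VEX.

Added example; assumptions: Grype-style finding dict (constructed below),
caller-supplied SLA table (hypothetical values in demo()), OpenVEX 0.2.0.
"""
from datetime import datetime, timedelta, timezone

# OpenVEX allows exactly these justification values for status not_affected,
# and requires a justification (or an impact statement) for that status.
NOT_AFFECTED_JUSTIFICATIONS = frozenset({
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
})

# Constructed sample finding; the CVE id and package names are placeholders.
SAMPLE_FINDING = {
    "vulnerability": {"id": "CVE-0000-0000", "severity": "High"},
    "artifact": {"name": "libexample", "version": "1.2.3",
                 "purl": "pkg:deb/debian/libexample@1.2.3"},
}


def assess(finding, reachable):
    """Step 1: normalise the scanner severity and record reachability."""
    return {
        "id": finding["vulnerability"]["id"],
        "severity": finding["vulnerability"]["severity"].lower(),
        "reachable": reachable,
    }


def remediation_due(scan_time, severity, sla_days):
    """Step 2: the SLA window starts at the scan that found the issue."""
    if severity not in sla_days:
        raise KeyError(f"no SLA window defined for severity {severity!r}")
    return scan_time + timedelta(days=sla_days[severity])


def vex_not_affected(finding, image_purl, justification, author, timestamp):
    """Step 3: an OpenVEX document stating the image is not affected.
    A later scan given this document drops the match as an ignored finding."""
    if justification not in NOT_AFFECTED_JUSTIFICATIONS:
        raise ValueError(f"invalid OpenVEX justification {justification!r}")
    vuln_id = finding["vulnerability"]["id"]
    return {
        "@context": "https://openvex.dev/ns/v0.2.0",
        "@id": f"https://vex.example.invalid/{vuln_id}",  # placeholder doc id
        "author": author,
        "timestamp": timestamp.isoformat(),
        "version": 1,
        "statements": [{
            "vulnerability": {"name": vuln_id},
            # product = the scanned image; subcomponent = the flagged package
            "products": [{"@id": image_purl,
                          "subcomponents": [{"@id": finding["artifact"]["purl"]}]}],
            "status": "not_affected",
            "justification": justification,
        }],
    }


def triage(finding, scan_time, reachable, sla_days, image_purl, author,
           justification=None):
    """Run the three steps; return a due date or a VEX document."""
    result = assess(finding, reachable)
    if result["reachable"]:
        result["action"] = "remediate"
        result["due"] = remediation_due(scan_time, result["severity"], sla_days)
    else:
        result["action"] = "document"
        result["vex"] = vex_not_affected(finding, image_purl, justification,
                                         author, scan_time)
    return result


def demo():
    """Both outcomes for the sample finding, with hypothetical SLA windows."""
    scan_time = datetime(2024, 1, 1, 6, 0, tzinfo=timezone.utc)  # Monday 06:00 UTC
    sla_days = {"critical": 7, "high": 30}  # hypothetical, not the policy's table
    image = "pkg:oci/example-app@sha256%3A0000"  # placeholder image purl
    common = dict(scan_time=scan_time, sla_days=sla_days, image_purl=image,
                  author="Security Team <security@example.invalid>")
    return {
        "reachable": triage(SAMPLE_FINDING, reachable=True, **common),
        "not_reachable": triage(SAMPLE_FINDING, reachable=False,
                                justification="vulnerable_code_not_in_execute_path",
                                **common),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2, default=str))
```

The generated document is what Grype reads through its `--vex` option on the next scheduled scan; because the statement names both the image (product) and the package (subcomponent), it suppresses only that package's match in that image rather than the CVE everywhere. Rejecting unknown justification values at write time keeps the VEX file valid for any other OpenVEX consumer as well.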

Policy Source

This policy is defined in sla-policy.yaml and rendered here automatically.