High Risk Triage
Use Security > High Risk to focus on critical and high-severity findings first.
Recommended triage process
- Filter to the production account or environment when needed.
- Open critical findings first.
- Confirm the affected resource and account.
- Assign remediation work in your normal issue tracker.
- Acknowledge reviewed findings.
- Accept risk only when your organization has approved the exception.
- Re-scan after fixes are merged or applied.
What not to do
- Do not use Acknowledge to hide unresolved risk from compliance reviews.
- Do not use Accept risk as a general backlog marker.
- Do not assume a finding is resolved until a scan no longer detects it.