Remediation Database

The Remediation DB is where users can enter remediation advice on a per-CWE basis for software developers to use. The maximum number of characters allowed is 1000. The remediation advice entered here will appear for vulnerabilities with the related CWE IDs:

  • Under the vulnerability details drawer
  • In the issue opened on the issue manager

Remediation advice can be entered only by admin-level users, and can be edited and deleted afterward.

Deleting remediation advice removes it from the vulnerability details in Kondukto. If any issues have been opened for the vulnerability in the meantime, the information will remain on the issue manager.

When a developer enters a comment starting with "kondukto:" on the issue manager (the issue's status should also be closed on the issue manager), Kondukto captures that comment and adds it automatically to the Remediation DB, so that software developers can benefit from the remediation know-how that accumulates in the organization.

An admin-level user can delete comments captured from the issue manager if they contain anything that is not appropriate for the solution of the vulnerability.