Remediation Queue

The Remediation Queue is a Kanban board that tracks security fixes from the moment a finding appears to the moment the change is merged. Each card represents one finding being remediated, and its position on the board tells you exactly where that work stands. Open it from the Review queue card on your dashboard, or from the Remediation area in the app.

Cards flow left to right through four stages:

  • Findings — unaddressed issues pulled from your recent reports. Nothing has been done yet.
  • Remediate — the AI is generating a fix for the finding.
  • Review — a pull request is open in your repository and is waiting for you to review, approve, and merge it.
  • Approved — the terminal stage: the fix has been approved and/or merged.

A card’s stage is derived from the status of its pull request — so the board always reflects what has actually happened in your repository rather than a separate status you have to keep in sync.

Two cards live off the main flow:

  • Blocked — the fix can’t proceed and needs attention.
  • Rejected — you declined the fix; any open pull requests were closed.

Findings come from your recent security reports. Each card is identified by the combination of your organization, the finding, and the report it came from, so the same issue from the same report appears once.

Findings you’ve formally accepted as a risk are kept off the board entirely — accepting a risk is the explicit alternative to remediating it.

The top of the board shows KPI stat cards — for example, how many findings you’ve remediated this week, how many fixes are still pending, your mean time to remediate, and how many high-risk findings remain open.

Configuring the board and taking actions on it — triggering a fix, approving, rejecting, or changing guardrail policy — are gated by allow-rules. Members without the right permission simply don’t see those controls.