Issues Management¶

Issues represent security findings identified during scans. The Escape CLI provides comprehensive capabilities for listing, filtering, and managing security issues across your application portfolio.

Understanding Issues¶

Security issues in Escape include:

Vulnerabilities - SQL injection, XSS, authentication bypass, etc.
Misconfigurations - Weak security headers, exposed debug endpoints
Information Disclosure - Leaked credentials, verbose error messages
Protocol Issues - Missing encryption, weak TLS configuration
Business Logic Flaws - BOLA, mass assignment, rate limiting issues

Each issue includes:

Severity rating (Critical, High, Medium, Low, Info)
Detailed description and impact analysis
Reproduction steps
Remediation guidance
Affected endpoints or components

Listing Issues¶

View all security issues across your organization.

escape-cli issues list

Aliases: list, ls

Example Output:

ID                                      SEVERITY    TYPE    CATEGORY                  NAME                                         IGNORED    URL
00000000-0000-0000-0000-000000000001    HIGH        API     INJECTION                 SQL Injection                                false      https://app.escape.tech/issues/xxx
00000000-0000-0000-0000-000000000002    MEDIUM      API     PROTOCOL                  Insecure Security Policy header              false      https://app.escape.tech/issues/xxx
00000000-0000-0000-0000-000000000003    LOW         API     INFORMATION_DISCLOSURE    Debug mode enabled                           false      https://app.escape.tech/issues/xxx

Filtering Issues¶

Use powerful filters to find specific security findings:

# Filter by severity
escape-cli issues list --severity HIGH,CRITICAL

# Filter by status
escape-cli issues list --status OPEN

# Filter by specific profile
escape-cli issues list --profile-id <profile-id>

# Filter by asset
escape-cli issues list --asset-id <asset-id>

# Free-text search
escape-cli issues list --search "SQL injection"

# Combine multiple filters
escape-cli issues list --severity HIGH --status OPEN --asset-id <asset-id>

Available Filters:

Flag	Short	Description	Example Values
`--severity`		Issue severity	`CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFO`
`--status`		Issue status	`OPEN`, `MANUAL_REVIEW`, `IN_PROGRESS`, `RESOLVED`, `FALSE_POSITIVE`, `ACCEPTED_RISK`, `REOPENED`
`--profile-id`	`-p`	Filter by profile ID	UUID or comma-separated UUIDs
`--asset-id`	`-a`	Filter by asset ID	UUID or comma-separated UUIDs
`--domain`	`-d`	Filter by domain name	Domain string
`--issue-id`	`-i`	Filter by specific issue IDs	UUID or comma-separated UUIDs
`--scan-id`		Filter by scan ID	UUID
`--tag-id`	`-t`	Filter by tag ID	UUID
`--risk`	`-r`	Filter by risk level	Risk classification
`--asset-class`		Filter by asset classification	Asset class type
`--search`	`-s`	Free-text search	Any string

Getting Issue Details¶

Retrieve comprehensive information about a specific issue.

escape-cli issues get <issue-id>

Aliases: describe, show

Example:

escape-cli issues get 00000000-0000-0000-0000-000000000001

Output includes:

Issue ID and name
Severity and category
Detailed description
Affected endpoint or component
Reproduction steps
Remediation guidance
Related CWE/CVE identifiers
Issue status and history

JSON output for detailed analysis:

escape-cli issues get <issue-id> -o json

Viewing Scan-Specific Issues¶

List all issues found in a specific scan:

escape-cli scans issues <scan-id>

Aliases: issues, results, res, result, iss

Example:

escape-cli scans issues 00000000-0000-0000-0000-000000000001

This shows issues specific to that scan execution, useful for:

Tracking new issues in recent scans
Comparing issues across scan runs
Generating scan reports
CI/CD pipeline integration

See Scans Management for detailed scan issue commands.

Updating Issues¶

Update issue status to track remediation progress.

escape-cli issues update <issue-id> --status <STATUS>

Aliases: set-status

Available Statuses:

Status	Description
`OPEN`	Newly discovered, awaiting review
`MANUAL_REVIEW`	Under investigation by security team
`IN_PROGRESS`	Actively being fixed by developers
`RESOLVED`	Fixed and verified
`FALSE_POSITIVE`	Determined not to be a real issue
`ACCEPTED_RISK`	Acknowledged but not fixing (with justification)
`REOPENED`	Previously resolved but found again

Example updates:

# Mark issue under review
escape-cli issues update <issue-id> --status MANUAL_REVIEW

# Mark as in progress when fixing
escape-cli issues update <issue-id> --status IN_PROGRESS

# Mark as resolved after fixing
escape-cli issues update <issue-id> --status RESOLVED

# Mark as false positive
escape-cli issues update <issue-id> --status FALSE_POSITIVE

# Accept risk
escape-cli issues update <issue-id> --status ACCEPTED_RISK

Workflow Example:

New issue discovered: OPEN
Security team reviews: MANUAL_REVIEW
Assigned to developers: IN_PROGRESS
Fix deployed and tested: RESOLVED

Bulk updates:

# Update multiple issues from a list
cat issue_ids.txt | xargs -I {} escape-cli issues update {} --status IN_PROGRESS

Viewing Issue Activity¶

View the complete activity history and timeline for an issue.

escape-cli issues list-activities <issue-id>

Aliases: ls-activities, activities, history, timeline

Example:

escape-cli issues list-activities 00000000-0000-0000-0000-000000000001

# Export activity history
escape-cli issues list-activities <issue-id> -o json

Activity types include:

Issue creation and first detection
Status changes (with timestamp and author)
Scan detections (when issue appears in new scans)
Resolution confirmations
Reopen events

This audit trail helps track:

Who changed what and when
How long issues remain open
Resolution verification
Issue recurrence

Issue Severity Levels¶

Understanding severity helps prioritize remediation:

Critical¶

Impact: Immediate security risk, potential data breach
Examples: SQL injection, authentication bypass, RCE
Action: Fix immediately, escalate to security team
Timeline: 24-48 hours

High¶

Impact: Significant security risk, potential unauthorized access
Examples: Stored XSS, BOLA, weak authentication
Action: Prioritize in current sprint
Timeline: 1-2 weeks

Medium¶

Impact: Moderate security risk, potential information disclosure
Examples: Missing security headers, debug mode enabled
Action: Schedule for upcoming sprint
Timeline: 2-4 weeks

Low¶

Impact: Minor security concern, limited exploitability
Examples: Verbose error messages, outdated dependencies
Action: Include in regular maintenance
Timeline: Next release cycle

Info¶

Impact: Informational finding, security best practices
Examples: Security recommendations, hardening suggestions
Action: Consider for long-term improvements
Timeline: Backlog

Issue Categories¶

Common vulnerability categories in Escape:

Category	Description	Common Issues
`INJECTION`	Code injection vulnerabilities	SQL injection, NoSQL injection, command injection
`AUTHENTICATION`	Authentication weaknesses	Weak credentials, broken auth flows
`AUTHORIZATION`	Authorization flaws	BOLA, privilege escalation, IDOR
`PROTOCOL`	Protocol-level issues	Missing TLS, weak ciphers, insecure headers
`INFORMATION_DISCLOSURE`	Data exposure	Sensitive data in responses, verbose errors
`BUSINESS_LOGIC`	Application logic flaws	Mass assignment, rate limiting bypass
`CONFIGURATION`	Misconfigurations	Debug mode, default credentials

Filtering and Reporting¶

Export High-Severity Issues¶

escape-cli issues list --severity CRITICAL,HIGH -o json > high-severity.json

Count Issues by Severity¶

escape-cli issues list -o json | jq 'group_by(.severity) | map({severity: .[0].severity, count: length})'

Output:

[
  {"severity": "CRITICAL", "count": 2},
  {"severity": "HIGH", "count": 15},
  {"severity": "MEDIUM", "count": 42},
  {"severity": "LOW", "count": 28},
  {"severity": "INFO", "count": 10}
]

Generate CSV Report¶

escape-cli issues list -o json | jq -r '.[] | [.severity, .category, .name, .ignored] | @csv' > issues-report.csv

Find Issues in Specific Assets¶

# Get issues for a specific asset
ASSET_ID="00000000-0000-0000-0000-000000000001"
escape-cli issues list --asset-id $ASSET_ID -o json

Track New Issues¶

Compare issues between scans to identify newly discovered vulnerabilities:

# Get issues from latest scan
escape-cli scans issues <latest-scan-id> -o json > latest-issues.json

# Get issues from previous scan
escape-cli scans issues <previous-scan-id> -o json > previous-issues.json

# Compare to find new issues
jq -s '.[0] - .[1]' latest-issues.json previous-issues.json

Issue Lifecycle Management¶

Typical Workflow¶

Detection - Issue discovered during scan
Triage - Security team reviews and assesses impact
Assignment - Issue assigned to development team
Acknowledgment - Team acknowledges and plans fix
Resolution - Vulnerability remediated
Verification - Next scan confirms resolution

Automation Example¶

#!/bin/bash
# Auto-assign critical issues to security team

CRITICAL_ISSUES=$(escape-cli issues list --severity CRITICAL --status OPEN -o json)

echo "$CRITICAL_ISSUES" | jq -r '.[].id' | while read -r issue_id; do
    escape-cli issues update "$issue_id" \
        --assignee security-team@example.com \
        --note "Auto-assigned: Critical severity"
    echo "Assigned issue $issue_id to security team"
done

Integration with Issue Tracking¶

Create Jira Tickets¶

#!/bin/bash
# Create Jira tickets for high-severity issues

escape-cli issues list --severity HIGH --status OPEN -o json | jq -c '.[]' | while read -r issue; do
    ISSUE_ID=$(echo "$issue" | jq -r '.id')
    ISSUE_NAME=$(echo "$issue" | jq -r '.name')
    ISSUE_URL=$(echo "$issue" | jq -r '.url')

    # Create Jira ticket via REST API
    curl -X POST https://jira.example.com/rest/api/2/issue \
        -H "Content-Type: application/json" \
        -u "$JIRA_USER:$JIRA_TOKEN" \
        -d "{
            \"fields\": {
                \"project\": {\"key\": \"SEC\"},
                \"summary\": \"[Escape] $ISSUE_NAME\",
                \"description\": \"Security issue found: $ISSUE_URL\",
                \"issuetype\": {\"name\": \"Bug\"},
                \"priority\": {\"name\": \"High\"}
            }
        }"
done

Create GitHub Issues¶

#!/bin/bash
# Create GitHub issues for critical findings

escape-cli issues list --severity CRITICAL --status OPEN -o json | jq -c '.[]' | while read -r issue; do
    ISSUE_NAME=$(echo "$issue" | jq -r '.name')
    ISSUE_URL=$(echo "$issue" | jq -r '.url')
    ISSUE_DESC=$(echo "$issue" | jq -r '.description')

    gh issue create \
        --title "[Security] $ISSUE_NAME" \
        --body "**Critical Security Finding**\n\n$ISSUE_DESC\n\n[View in Escape]($ISSUE_URL)" \
        --label security,critical
done

Best Practices¶

Prioritization¶

Critical/High issues first - Address severe vulnerabilities immediately
Consider exploitability - Prioritize issues with known exploits
Assess business impact - Focus on issues affecting critical functionality
Track trends - Monitor if specific issue types are increasing

Remediation Workflow¶

Verify the issue - Confirm it's a true positive
Assess impact - Understand the security implications
Plan the fix - Determine remediation approach
Implement - Apply the security fix
Test - Verify the fix doesn't break functionality
Re-scan - Confirm the issue is resolved

Communication¶

Regular reports - Share security status with stakeholders
Trend analysis - Track issue resolution rates
Team collaboration - Use assignments and comments effectively
Escalation paths - Define clear escalation for critical issues

False Positive Handling¶

If an issue is a false positive:

# Mark as ignored with explanation
escape-cli issues update <issue-id> \
    --ignored true \
    --note "False positive: Using parameterized queries, not vulnerable to SQL injection"

Troubleshooting¶

No Issues Returned¶

If scans complete but show no issues:

Verify the scan completed successfully
Check scan configuration for scope limitations
Review scan logs for errors
Ensure the application is accessible from the scan location

Duplicate Issues¶

If the same issue appears multiple times:

Check if it affects multiple endpoints
Review issue grouping settings in the web interface
Consider if this indicates a systemic problem requiring broader fixes

Issues Not Updating¶

If issue updates fail:

Verify you have permission to modify issues
Check the issue ID is correct
Ensure the status value is valid
Use JSON output to see detailed error messages

Next Steps¶

Scans Management - Run scans to discover issues
Practical Recipes - Complete issue management workflows
CI/CD Integration - Automate issue detection in pipelines