Docs
DocsAPICLIGlossary
Launch App
User Guides
For DevelopersFor Security TeamsFor Legal & Compliance
Product Guides
Get Started
Project Setup
Release Groups
Issues
Licenses
Vulnerabilities
Quality
SBOM
Policies
Reports
FOSSA CLI
API Reference
Integrations
fossabot
Organization Management
On-Premises Deployment
Help & Support
Legal
Get Supportfossa.com
DocsUser GuidesFor Security Teams

Find and enforce your vulnerability risk threshold

Detect CVEs across your dependencies, set severity policies that gate builds, and focus on vulnerabilities that are actually reachable in your code.

16 min read
Prerequisites: At least one project imported and scanning. If not, start with the For Developers guide.

Where you'll end up

You're triaging real, reachable vulnerabilities, with policies enforcing your risk threshold.

The path

Turn on vulnerability scanning

Detect CVEs across your dependencies.

Set security policies

Define severity thresholds that gate builds.

Surface and analyze issues by policy

Review the vulnerabilities your policies flag and filter the Issues inbox by severity, status, and other criteria.

Prioritize and triage vulnerabilities

Focus on the highest-impact, fixable vulnerabilities first with a prioritized upgrade plan.

© 2026 FOSSA, Inc.support@fossa.com