Issues & Tracking
Track, manage, and resolve security issues detected across all your domains.
What are issues?
Issues are persistent records of security problems detected by your scans. When a scan test fails, StackShield creates an issue for each distinct finding. Issues are deduplicated — if the same problem is detected in multiple scans, it's tracked as one issue rather than creating duplicates.
This deduplication works by fingerprinting each finding based on the domain, test type, severity, and description. Variable data like timestamps, IP addresses, and URLs are normalized before fingerprinting so minor variations don't create duplicate issues.
Issue properties
Each issue contains:
- Domain — which check/domain the issue was found on
- Test type — which security test detected it (e.g., "SSL/TLS Validation", "Security Headers")
- Severity — Critical, High, Medium, or Low
- Title & description — what the issue is and why it matters
- Status — Unresolved or Resolved
- First detected — when the issue was first seen
- Last detected — when it was most recently observed in a scan
- Resolution notes — optional notes you add when resolving
Viewing issues
Navigate to Issues to see all issues across your domains. The page shows summary statistics at the top:
- Total open issues by severity (critical, high, medium, low)
- Resolved issue count
Filtering and search
Use the filters to narrow down issues:
- Severity — show only critical, high, medium, or low issues
- Status — show all, unresolved only, or resolved only
- Domain — filter issues to a specific check
- Test type — show only issues from a specific test (e.g., only SSL issues)
- Search — search by issue title or description
Filters can be combined. Use Clear Filters to reset everything.
Resolving issues
When you've fixed a security problem, mark the issue as resolved:
- Click on the issue to view its details
- Click Mark as Resolved
- Optionally add resolution notes explaining what you did to fix it (recommended for team visibility)
Automatic resolution
If a subsequent scan no longer detects the issue, it is not automatically resolved. We leave resolution as an explicit action so you can verify the fix and add notes. However, the "last detected" date will stop updating, making it easy to spot issues that may have been fixed.
Unresolving issues
If you marked an issue as resolved but the problem comes back (or was resolved in error), you can click Mark as Unresolved to reopen it.
Bulk actions
For managing many issues at once:
- Select issues using the checkboxes on the issues list
- Choose an action from the bulk actions dropdown:
- Resolve selected — mark all selected issues as resolved
- Unresolve selected — reopen all selected issues
- Delete selected — permanently delete selected issues
This is useful when you've deployed a fix that addresses multiple issues at once.
Exporting issues
Export all your issues as a CSV file for reporting, compliance, or importing into other tools:
- Go to the Issues page
- Click the Export CSV button
- The downloaded CSV includes: domain, test type, severity, title, description, status, first detected, last detected, and resolution notes
The export includes all issues for your team, not just the currently filtered view.
Issue workflow
Here's a recommended workflow for managing issues:
Triage
Review new issues after each scan. Focus on critical and high severity first.
Fix
Follow the remediation steps in the issue details or the corresponding security documentation.
Verify
Run a new scan to confirm the fix works externally. The test should now pass.
Resolve
Mark the issue as resolved with notes about what was fixed and when.
Issues via API
You can manage issues programmatically via the REST API:
GET /api/v1/issues— list and filter issuesGET /api/v1/issues/{'{'}id{'}'}— get issue detailsPATCH /api/v1/issues/{'{'}id{'}'}— resolve or unresolve an issuePOST /api/v1/issues/bulk— bulk resolve/unresolveGET /api/v1/issues/export— export CSV