Increase SAST violations

Minor incident · EU Environment · API (EU Environment) · Application/UI (EU Environment) · US Environment · API (US Environment) · Application/UI (US Environment)
2026-04-10 09:30 IDT · 4 days, 4 hours, 18 minutes

Updates

Issue

Summary
Between April 10 and April 14, 2026, some customers saw SAST scans and findings generated for branches that were not included in their configured branch-scanning settings. This resulted in unexpected findings, including duplicates and false positives, appearing in the product. The issue was caused by a recent update to the branch-scanning control logic that did not correctly apply customers’ branch configuration during that period. The scanning behavior was corrected on April 14, 2026, and the incident was fully resolved on April 27, 2026 after the unintended findings were removed.

Key Timeline (IDT)

  • April 10, 2026, 09:33 IDT — A production update introduced incorrect handling of branch-scanning configuration for some SAST events.
  • April 14, 2026, 13:48 IDT — A subsequent update restored expected enforcement of configured branch-scanning rules.
  • April 21, 2026, 19:00 IDT — Customer reports alerted us to unexpected SAST findings on non-configured branches.
  • April 22, 2026, 13:52 IDT — Root cause identified; scope assessment initiated.
  • April 23, 2026, 18:13 IDT — Impact analysis tooling executed to identify affected data and tenants.
  • April 27, 2026, 14:30 IDT — Cleanup completed; unintended findings removed and incident fully remediated.

Root Cause
A product update introduced an issue in the branch-scanning configuration check, causing the system to create SAST scans for branches outside of customer-defined scanning rules for a limited period (April 10–14). These extra scans produced unintended findings, which became visible to customers as additional or duplicate items.

Actions Taken

  1. Restored correct enforcement of customers’ configured branch-scanning rules.
  2. Assessed the scope of the impact across affected environments.
  3. Removed unintended SAST findings created for non-configured branches.
  4. Confirmed expected behavior after cleanup.
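
One way to scope the cleanup in steps 2 and 3, as an added example that is not the vendor's tooling: it flags scans created inside the April 10 to April 14 window whose branch matches none of the tenant's configured patterns. The record schema, glob-style rules, tenant names and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

IDT = timezone(timedelta(hours=3))
# Window bounds taken from the timeline above (regression shipped / fix shipped).
WINDOW_START = datetime(2026, 4, 10, 9, 33, tzinfo=IDT)
WINDOW_END = datetime(2026, 4, 14, 13, 48, tzinfo=IDT)

# Constructed sample data; the schema and glob-style rules are hypothetical.
BRANCH_RULES = {"tenant-a": ["main", "release/*"], "tenant-b": ["main"]}
SCANS = [
    {"id": 1, "tenant": "tenant-a", "branch": "main", "created": "2026-04-11T10:00:00+03:00"},
    {"id": 2, "tenant": "tenant-a", "branch": "feature/login", "created": "2026-04-11T10:05:00+03:00"},
    {"id": 3, "tenant": "tenant-a", "branch": "release/1.2", "created": "2026-04-12T08:00:00+03:00"},
    {"id": 4, "tenant": "tenant-b", "branch": "dev", "created": "2026-04-09T23:00:00+03:00"},
    {"id": 5, "tenant": "tenant-b", "branch": "dev", "created": "2026-04-13T12:00:00+00:00"},
    {"id": 6, "tenant": "tenant-c", "branch": "main", "created": "2026-04-12T12:00:00+03:00"},
    {"id": 7, "tenant": "tenant-b", "branch": "dev", "created": "2026-04-14T11:00:00+00:00"},
]

def in_window(created_iso):
    # Compare timezone-aware datetimes so UTC-stamped records are not misjudged.
    ts = datetime.fromisoformat(created_iso)
    return WINDOW_START <= ts <= WINDOW_END

def branch_allowed(branch, patterns):
    # Case-sensitive glob match, since branch names are case-sensitive.
    return any(fnmatchcase(branch, p) for p in patterns)

def find_unintended_scans(scans, rules):
    """Return (unintended scan ids, scan ids needing manual review)."""
    unintended, needs_review = [], []
    for scan in scans:
        if not in_window(scan["created"]):
            continue  # outside the regression window: not part of this incident
        patterns = rules.get(scan["tenant"])
        if patterns is None:
            # No rule set on record: do not guess, leave for manual review.
            needs_review.append(scan["id"])
        elif not branch_allowed(scan["branch"], patterns):
            unintended.append(scan["id"])
    return unintended, needs_review

if __name__ == "__main__":
    print(find_unintended_scans(SCANS, BRANCH_RULES))
```

Scan 7 carries an April 14 date but falls after the 13:48 IDT fix once converted from UTC, so it is left out of the cleanup set.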

Action Items

  1. Improve validation and safeguards around branch-scanning configuration checks during updates.
  2. Enhance monitoring to detect unexpected increases in scan volume or findings.
  3. Strengthen release checks for feature-gated behavior to prevent similar regressions.
April 28, 2026 · 17:18 IDT
