Issue statuses

As part of the issue management process, you analyze each detected issue and assign it a status that indicates how it should be handled. We call this process "citing".

Users require permission to change an issue's status. Permission can be granted to change from or to any status or only for specific statuses. For example, a group of users may only have permission to change issues in "Analyze" status to "Fix".

Status	Use this status to indicate that the issue...
Analyze (default initial status)	should be reviewed. All newly detected issues display this status. It persists until you change it.
Ignore	does not need a review or fix. This status is intended for issues found (whether valid or otherwise) in code you don't care about, for example, test code.
Not a problem	is a false positive; the issue reported isn't valid. The issue relates to an analysis failure and is often caused by build integration problems. We recommend opening a Customer Support Request (CSR) when you determine that a reported issue is a false positive, so that we can analyze the issue and make improvements to the engine, if necessary.
Fix	is a valid issue that should be fixed as soon as possible.
Fix in Next Release	is a valid issue that is mostly harmless and can be left in the code base without too much risk, but should be addressed sooner rather than later.
Fix in Later Release	is a valid issue that is completely harmless and can be left in the code base indefinitely without risk.
Defer	is a valid issue that needs discussion with others or escalation to (for example) a security team for final judgment.
Filter	can be filtered for compatibility with older versions of filter files.
Code Suppression	is suppressed using Helix QAC code-based suppression. This status is automatically assigned. You can not manually assign "Code Suppression" unless an issue was originally assigned this status.
Multiple	grouped issues where multiple statuses are found (For example, one issue is cited as 'fix', while another is cited as 'analyze').