Overview
ZeroPath uses a fine-grained authorization (FGA) system to control access to resources within your organization. Teams group users together and can be assigned to specific repositories, letting you control who sees what.Team Management
Creating Teams
- Navigate to Settings → Teams in the dashboard.
- Click “Create Team”.
- Give the team a name and optional description.
- Add members by email or username.
- Assign repositories the team should have access to.
Team Members
Teams can include:- Users — people with ZeroPath accounts in your organization
- Contributors — code contributors identified from Git blame data (matched by email, name, or VCS username)
Linking Unmatched Contributors
When ZeroPath identifies code contributors that haven’t been matched to a user account, they appear in the Unmatched Contributors panel. From here you can:- Search contributors by name, username, or email to quickly find the person you want to link.
- Search organization members within the assignment dropdown to find the right account.
- Link contributors individually — each contributor can be linked independently without blocking other link operations.
Permissions
ZeroPath uses role-based permissions at the organization level. Key permission categories include:| Category | Permissions |
|---|---|
| Issues | View, manage, mark as false positive, archive |
| Scans | Start scans, cancel scans, view scan history |
| Repositories | Add, remove, configure repositories |
| Integrations | Connect and manage Jira, Linear, Slack, Wiz |
| API Tokens | Create, view, delete API tokens |
| Patches | Generate patches, approve patches, create PRs |
| Settings | Manage organization settings, scanner settings |
| Teams | Create, edit, delete teams |
Repository Access
Teams can be scoped to specific repositories. When assigning repositories to a team, you can search for repositories by name and the list supports pagination, making it easy to find the right repositories even in organizations with a large number of connected repos. When a team is assigned to a repository:- Team members can view scan results and findings for that repository
- Notifications and alerts are routed to the appropriate team
- Git blame attribution links findings to team members who authored the affected code
Issue Status Workflow
Findings follow a structured lifecycle that maps to team workflows:| Status | Meaning |
|---|---|
| Pending Review | New finding, awaiting triage |
| Reviewing | Under active review by the team |
| Patching | Fix is being developed |
| Resolved | Fix has been applied (manually or via merged PR) |
| False Positive | Confirmed not a real vulnerability |
| Accepted Risk | Known issue accepted by the team |
| Non-Exploitable | Technically present but not exploitable in context |
| Backlog | Acknowledged but deferred for later |