3 changes: 2 additions & 1 deletion docs/semgrep-ci/findings-ci.md
Expand Up @@ -26,13 +26,14 @@ These states correspond to:

## Semgrep Code findings

Semgrep AppSec Platform builds on CI findings to track status and provide additional context for managing findings within your organization. A finding can be one of four statuses in Semgrep AppSec Platform:
Semgrep AppSec Platform builds on CI findings to track status and provide additional context for managing findings within your organization. A finding can be one of the following statuses in Semgrep AppSec Platform:

* `OPEN`
* `REVIEWING`
* `FIXING`
* `IGNORED`
* `FIXED`
* `PROVISIONALLY_IGNORED`

### Finding status

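Review bot: the new `PROVISIONALLY_IGNORED` bullet gives no hint that this state is assigned by Semgrep rather than chosen by a user, unlike the five states above it, and the rewritten intro only says a finding "can be one of the following statuses". Suggest a short clause after the list, such as "Semgrep sets `PROVISIONALLY_IGNORED` automatically; it cannot be selected during triage", or a link to the Provisionally Ignored description in the shared triage states table, so a reader of the CI doc does not look for it in the triage menu.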
27 changes: 21 additions & 6 deletions docs/semgrep-code/triage-remediation.md
Expand Up @@ -40,7 +40,7 @@ Semgrep Assistant can also [auto-triage findings](/semgrep-assistant/overview#au

**Triage** is the prioritization of a finding based on policies or criteria set by your team or organization, such as severity, coding standards, business goals, and product goals.

Semgrep AppSec Platform uses the logic specified in the table below to automatically mark findings as either fixed or removed when a finding is no longer present in the code. You can also manually ignore findings in Semgrep AppSec Platform directly through **triage** or **bulk triage**.
Semgrep AppSec Platform uses the logic specified in the table below to automatically mark findings as either fixed or removed when a finding is no longer present in the code. You can also manually ignore findings in Semgrep AppSec Platform directly through **triage** or **bulk triage**. Additionally, Semgrep can automatically mark findings as **provisionally ignored** based on AI analysis, validation results, and reachability analysis.

The triage statuses are as follows:

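Review bot: the added sentence names three automatic sources ("AI analysis, validation results, and reachability analysis") without saying which product each belongs to, and it bolds the status as lowercase **provisionally ignored** while every other file in this PR writes it **Provisionally Ignored**. Suggest spelling out the mapping, e.g. "based on Assistant auto-triage (Code), secret validation (Secrets), or reachability analysis (Supply Chain)", and matching the capitalization used in the table the sentence refers to, since that table is what readers will compare against.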
Expand Down Expand Up @@ -107,14 +107,14 @@ To **ignore multiple findings** in the **No grouping** view, follow these steps:

### Reopen findings

You can **reopen** a finding that you previously marked as **ignore** at any time.
You can **reopen** a finding at any time, whether you previously marked it as **ignored** or Semgrep automatically marked it as **provisionally ignored**.

<details>
<summary>Reopen findings in <b>Group by Rule</b> view</summary>

To **reopen findings** in the **Group by Rule** view, follow these steps:

1. On the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page, click the **Status** filter, and then select the **Ignored** or **Fixed** status to see all ignored or fixed findings.
1. On the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page, click the **Status** filter, and then select the **Ignored**, **Provisionally Ignored**, or **Fixed** status to see all ignored, provisionally ignored, or fixed findings.
2. Perform one of these steps:
- To select more findings from the same rule, click the **Triage** button on the card of the finding.
- To select individual findings reported by a rule, fill in the checkboxes for the finding, and then click the **Triage** button on the finding card.
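Review bot: the updated step 1 repeats each status name twice ("select the **Ignored**, **Provisionally Ignored**, or **Fixed** status to see all ignored, provisionally ignored, or fixed findings"), and the sentence grows with every state added. Suggest "select **Ignored**, **Provisionally Ignored**, or **Fixed** to list findings with that status" here and in the two matching steps of the No grouping procedures, so the three copies stay easy to keep in sync.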
Expand All @@ -128,14 +128,14 @@ To **reopen findings** in the **Group by Rule** view, follow these steps:

To **reopen individual findings** in the No grouping view, follow these steps:

1. On the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page, click the **Status** filter, and then select **Ignored** or **Fixed** status to see all ignored or fixed findings.
1. On the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page, click the **Status** filter, and then select **Ignored**, **Provisionally Ignored**, or **Fixed** status to see all ignored, provisionally ignored, or fixed findings.
2. Next to a finding you want to ignore, click the **Reopen** <i class="fa-regular fa-chevron-down"></i>.
3. Optional: Add a note.
4. Click **Save**.

To **reopen multiple findings** in the **No grouping** view, follow these steps:

1. On the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page, click the **Status** filter, and then select the **Ignored** or **Fixed** status to see all ignored or fixed findings.
1. On the [Findings](https://semgrep.dev/orgs/-/findings?tab=open) page, click the **Status** filter, and then select the **Ignored**, **Provisionally Ignored**, or **Fixed** status to see all ignored, provisionally ignored, or fixed findings.
1. Perform one of these steps:
- Select all findings by clicking on the header row checkbox that states **Showing X open findings**. You can navigate to succeeding pages and add other results to the current selection.
- Select relevant findings one by one by clicking on their checkboxes.
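Review bot: step 2 of the "reopen individual findings" procedure (an unchanged context line in this hunk) reads "Next to a finding you want to ignore, click the **Reopen**", which contradicts the procedure's purpose; since this change is already editing that procedure, fix "ignore" to "reopen" in the same commit. Step 1 in both procedures here also names each status twice; "select **Ignored**, **Provisionally Ignored**, or **Fixed** to list findings with that status" reads more simply.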
Expand Down Expand Up @@ -172,7 +172,22 @@ Semgrep supports older versions of this feature that used the following commands

## Triage findings in bulk through the Semgrep API

Semgrep provides an API endpoint you can use to triage findings in bulk, either by passing a list of `issue_ids` or filter query parameters to select findings. You must also specify an `issue_type`, such as `sast` or `sca`, and either `new_triage_state` or `new_note`. Refer to [<i class="fas fa-external-link fa-xs"></i> Bulk triage API documentation](https://semgrep.dev/api/v1/docs/#tag/TriageService).
Semgrep provides an API endpoint you can use to triage findings in bulk, either by passing a list of `issue_ids` or filter query parameters to select findings. You must also specify an `issue_type`, such as `sast` or `sca`, and either `new_triage_state` or `new_note`.

The available `new_triage_state` values you can set are:
- `open`
- `reviewing`
- `fixing`
- `ignored`
- `fixed`

If specifying a `new_triage_reason`, you must also use `new_triage_state=ignored`.

:::note
When retrieving findings through the API, you may also see the `provisionally_ignored` status. This status is automatically set by Semgrep and cannot be manually assigned through the bulk triage API.
:::

Refer to [<i class="fas fa-external-link fa-xs"></i> Bulk triage API documentation](https://semgrep.dev/api/v1/docs/#tag/TriageService) for complete details.

## Reduce the number of false positive findings

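Review bot: the note says `provisionally_ignored` cannot be assigned through the bulk triage API, but it does not say whether a finding already in that state can be moved out of it with `new_triage_state=open` (the Reopen findings section above says such findings can be reopened) or confirmed with `new_triage_state=ignored`; anyone automating triage needs that stated either way. Also, the hunk lists the `new_triage_state` values but only says `new_triage_reason` requires `new_triage_state=ignored` without listing the accepted reason values; the rest of the doc names them as False positive, Acceptable risk, and No time to fix, so list their API spellings here or link to the reason parameter in the TriageService docs.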
2 changes: 2 additions & 0 deletions docs/semgrep-secrets/getting-started.md
Expand Up @@ -116,6 +116,8 @@ Use filters to narrow down your results. The following criteria are available fo
| **Open** | Findings are open by default. A finding is open if it was present the last time Semgrep scanned the code and it has not been ignored. An open finding represents a match between the code and a rule that is enabled in the repository. Open findings require action, such as rewriting the code to eliminate the detected vulnerability. |
| **Ignored** | Findings that are ignored are present in the code, but have been labeled as unimportant. Ignore findings that are false positives or deprioritized issues. You can filter findings with a status of **Ignored** further by reason: **False positive**, **Acceptable risk**, **No time to fix**, or **No triage reason**. |
| **Fixed** | Fixed findings were detected in a previous scan, but are no longer detected in the most recent scan of that same branch due to changes in the code. |
| **Provisionally Ignored** | Findings that contain invalid secrets which have been automatically ignored by Semgrep. These findings can be reviewed and reopened if needed. |


#### Severity

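Review bot: the hunk adds the row plus a second blank line (2 additions, one row visible), leaving two blank lines before `#### Severity`; drop one so the table's trailing spacing matches the other tables in this file. In the row text, "invalid secrets which have been automatically ignored" should become "secrets that Semgrep's validation determined to be invalid and that it therefore ignored automatically", tying "invalid" to the validation step this PR describes in the triage doc rather than reading as a property of the secret itself.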
1 change: 1 addition & 0 deletions docs/semgrep-supply-chain/view-export.md
Expand Up @@ -89,6 +89,7 @@ The triage state of the finding:
* **Fixing**: Findings for which you have decided to fix. Commonly used to indicate that these findings are tracked in Jira or assigned to developers for further work.
* **Ignored**: Vulnerabilities that have been triaged as **Ignored** by the user. You can filter findings with a status of **Ignored** further by reason: **False positive**, **Acceptable risk**, **No time to fix**, or **No triage reason**.
* **Fixed**: Vulnerabilities that are no longer detected after a scan. This typically means that the dependency containing the vulnerability has been updated. Semgrep Supply Chain automatically checks if the dependency has been updated and sets the vulnerability's status as **Fixed**.
* **Provisionally Ignored**: Findings that contain unreachable supply chain vulnerabilities which have been automatically ignored by Semgrep. These findings can be reviewed and reopened if needed.

> You can set the **Fixing** and **Reviewing** statuses only if you are a [Jira beta](https://semgrep.dev/docs/semgrep-appsec-platform/jira) participant.

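Review bot: "unreachable supply chain vulnerabilities which have been automatically ignored" should read "vulnerabilities that Semgrep's reachability analysis found unreachable and therefore ignored automatically", so the status is clearly an analysis result rather than a user judgement, and "which" should be "that" (restrictive clause) to match the **Ignored** and **Fixed** bullets above. The **Fixed** bullet states explicitly that Semgrep re-checks the dependency on each scan; the new bullet should say whether reachability is likewise re-evaluated on later scans or set once.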
2 changes: 1 addition & 1 deletion src/components/reference/_triage-states.mdx
Expand Up @@ -5,7 +5,7 @@
| **Fixing** | Findings for which you have decided to fix. Commonly used to indicate that these findings are tracked in Jira or assigned to developers for further work. |
| **Fixed** | Fixed findings were detected in a previous scan but are no longer detected in the most recent scan of that same branch due to changes in the code. |
| **Ignored** | Findings that are ignored are present in the code but have been labeled as unimportant. Ignore findings that are false positives or deprioritized issues. Mark findings as [ignored through Semgrep AppSec Platform](/semgrep-code/triage-remediation) or by adding a [nosemgrep code comment](/ignoring-files-folders-code/#reference-summary). You can also provide a reason for why you are ignoring a finding: **False positive**, **Acceptable risk**, **No time to fix**. |

| **Provisionally Ignored** | Findings that have been automatically ignored by Semgrep based on AI analysis. This includes findings identified as false positives by Assistant auto-triage, invalid secrets, and unreachable supply chain vulnerabilities. These findings can be reviewed and reopened if needed. |
### Removed findings

Findings can also be **removed**. Semgrep considers a finding removed if it is not found in the most recent scan of the branch where Semgrep initially detected it due to any of the following conditions:
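Review bot: the new **Provisionally Ignored** row is inserted after the blank line that closes the table, so it will not render as a table row: a blank line ends a Markdown table, and the line will appear as a stray paragraph beginning with `|` directly above `### Removed findings` with no separating blank line. Move the row up so it directly follows the **Ignored** row, and keep the blank line before the heading. Separately, the row says the status is "based on AI analysis" but then lists invalid secrets and unreachable supply chain vulnerabilities, which the triage-remediation page in this same PR attributes to validation results and reachability analysis rather than AI; "based on automated analysis (Assistant auto-triage, secret validation, or reachability analysis)" would be consistent.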