GitLab

5 ways to fix misleading vulnerability severities with policy

GitLab's vulnerability reports often contain many findings whose generic CVSS scores do not reflect the specifics of the environment they were found in. Triage then becomes slow manual work, because the initial severity says little about the real risk. GitLab introduces severity override policies to automate severity adjustments according to defined criteria: a policy's rules modify a finding's severity (set, increase, or decrease it) based on attributes such as CVE identifiers, file paths, and CWEs.

Examples include downgrading vulnerabilities in internal services and upgrading injection vulnerabilities in production code. Other use cases are normalizing severity across scanners and aligning severities with threat intelligence such as CISA's Known Exploited Vulnerabilities (KEV) catalog. Policies can be applied at the group level to keep a consistent risk model across many projects, so that the vulnerability report reflects environmental risk more accurately.

Manual overrides always supersede policy actions, and every change is logged for auditing. Users are encouraged to adopt these policies to refine their vulnerability management process.
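To make the rule semantics concrete, here is an added illustrative rule engine in Python. It is not GitLab's implementation or policy schema; the `Finding` and `Rule` classes, the severity scale, the glob-based path matching and the audit-log format are all assumptions made for this example, and the CVE identifiers are placeholders. It mirrors three of the use cases above (downgrading internal services, upgrading injection findings in production code, and forcing KEV-listed CVEs to critical), applies rules in order, clamps increases and decreases to the ends of the scale, skips findings that carry a manual override, and records every change for audit.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import List, Optional, Set, Tuple

# Ordered severity scale used by this example's rule engine (constructed, not GitLab's).
SEVERITIES = ["info", "low", "medium", "high", "critical"]


@dataclass
class Finding:
    """One scanner finding; a manual override freezes its severity (hypothetical model)."""
    id: str
    path: str
    severity: str
    cve: Optional[str] = None
    cwe: Optional[str] = None
    manual_override: bool = False


@dataclass
class Rule:
    """A severity override rule: every non-empty criterion must match (hypothetical schema)."""
    name: str
    action: str                      # "set", "increase" or "decrease"
    value: object                    # target level for "set", number of steps otherwise
    cves: Set[str] = field(default_factory=set)
    cwes: Set[str] = field(default_factory=set)
    path_globs: List[str] = field(default_factory=list)

    def matches(self, f: Finding) -> bool:
        if self.cves and f.cve not in self.cves:
            return False
        if self.cwes and f.cwe not in self.cwes:
            return False
        if self.path_globs and not any(fnmatch(f.path, g) for g in self.path_globs):
            return False
        return True


def adjust(severity: str, rule: Rule) -> str:
    """Return the severity after applying one rule, clamped to the ends of the scale."""
    idx = SEVERITIES.index(severity)
    if rule.action == "set":
        if rule.value not in SEVERITIES:
            raise ValueError(f"unknown severity {rule.value!r}")
        return str(rule.value)
    if rule.action == "increase":
        return SEVERITIES[min(idx + int(rule.value), len(SEVERITIES) - 1)]
    if rule.action == "decrease":
        return SEVERITIES[max(idx - int(rule.value), 0)]
    raise ValueError(f"unknown action {rule.action!r}")


def apply_policy(findings: List[Finding], rules: List[Rule]) -> List[dict]:
    """Apply rules in order to each finding; manual overrides win; return the audit log."""
    audit: List[dict] = []
    for f in findings:
        if f.manual_override:
            continue  # an analyst's manual severity always supersedes policy actions
        for rule in rules:
            if not rule.matches(f):
                continue
            new = adjust(f.severity, rule)
            if new != f.severity:
                audit.append({"finding": f.id, "rule": rule.name,
                              "from": f.severity, "to": new})
                f.severity = new
    return audit


# Constructed policy mirroring the use cases in the text; CVE ids are placeholders.
RULES = [
    Rule("downgrade-internal-services", "decrease", 1, path_globs=["services/internal/*"]),
    Rule("upgrade-injection-in-prod", "increase", 1,
         cwes={"CWE-78", "CWE-89"}, path_globs=["src/*"]),
    Rule("kev-listed-is-critical", "set", "critical", cves={"CVE-0000-0002"}),
]


def run_example() -> Tuple[List[Finding], List[dict]]:
    """Run the constructed policy over constructed findings and return both results."""
    findings = [
        Finding("F1", "services/internal/api.py", "high", cve="CVE-0000-0001", cwe="CWE-79"),
        Finding("F2", "src/app/db.py", "medium", cwe="CWE-89"),
        Finding("F3", "src/vendor/lib.py", "medium", cve="CVE-0000-0002"),
        Finding("F4", "src/app/shell.py", "low", cwe="CWE-78", manual_override=True),
    ]
    audit = apply_policy(findings, RULES)
    return findings, audit


if __name__ == "__main__":
    fs, log = run_example()
    for f in fs:
        print(f.id, f.severity)
    for entry in log:
        print(entry)
```

Rule order matters when a finding matches more than one rule, since each rule sees the severity left by the previous one; a real policy should place absolute "set" rules such as the KEV alignment last so that a relative downgrade cannot undo them.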