CloudDefense.AI

CI/CD Policies


Last updated 2 years ago

During a CI/CD pipeline, a developer can make a build pass or fail in several ways by using the policies at https://console.clouddefenseai.com/compliance, such as the following:

OSS Policy Licenses

With this, a developer needs to add each license to either the Approved or the Denied list via drag and drop.

For any license detected by our scan: if it is in the Approved list, the build passes in CI/CD; if not, the build fails.

Build Policy List

With this feature, a developer can pass or fail a build based on criteria such as:

  1. Secrets Detection

  2. OWASP Top 10 Detection

  3. Vulnerability Count

  4. ID/CVE/CWE Match

Any number or criteria set will make a build stop or pass during a CI/CD pipeline.