Code analysis plays a vital role in the software development life cycle, ensuring that your code is free of bugs, devoid of vulnerabilities, and compliant with industry standards. Since version 6.0, FlexDeploy has provided integrations for static code analysis, vulnerability scanning, and dynamic application security testing. With the release of version 7.0, automatic aggregation and evaluation of code scans is available through pipelines. In this blog post, we will dive into the implementation of the new Pipeline Scan Gate, aimed at enhancing the security levels of your releases.
Scan Gate Example
In FlexDeploy, code scans can be executed within workflows. Typically, utility workflows are employed to focus solely on analyzing source code. However, any workflow can be configured to conduct a scan on a project. Upon execution, vulnerabilities and code issues detected by the scan can be accessed on the “Scan Results” page within the project’s execution. For detailed instructions on setting up code analysis within FlexDeploy, view SAST and DAST Scan Integration.
Pipeline Setup
When incorporating the new Scan Gate into a pipeline, several factors need to be considered. A maximum issue count can be defined for each severity level reported by the scans. If the issue count for a severity exceeds the specified number, the gate will fail. Scan results can be evaluated either per project or cumulatively across all scans. The gate always evaluates scans performed during the project build executions that are inputs to the snapshot. In addition to builds, you can choose to evaluate scans performed in any previous stage, which includes all executions within the selected stage.
Release Execution
The image below shows the snapshot execution page of our newly implemented Scan Gate. The gate assessed four different scans, all originating from either the builds for this snapshot or other project executions from the development stage. The gate failed due to the detection of 24 high severity issues in the first scan. During gate setup, the maximum high severity issue count was configured to be less than five.
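To make the gate's decision rules concrete, here is an added example in Python that mirrors the setup and the execution described above. It is not FlexDeploy's own code; the `ScanResult`, `GatePolicy` and `evaluate_gate` names, the constructed scan counts, and the stage name "Development" are all assumptions chosen to reproduce the scenario of four scans where the first build scan carries 24 high severity issues against a limit of four (the "less than five" configuration).

```python
"""Toy pipeline scan gate: aggregate scan results and enforce per-severity limits.

Added example, not FlexDeploy code. Names and sample counts are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SEVERITIES = ("critical", "high", "medium", "low")
BUILD = "build"  # marker for scans run in a project build that feeds the snapshot


@dataclass(frozen=True)
class ScanResult:
    project: str
    source: str              # BUILD, or the name of the stage the scan ran in
    counts: Dict[str, int]   # issues found, keyed by severity


@dataclass(frozen=True)
class GatePolicy:
    max_issues: Dict[str, int]            # a severity with no entry is not limited
    per_project: bool = True              # False -> one cumulative total over all scans
    include_stages: Tuple[str, ...] = ()  # previous stages whose scans also count


def select_scans(scans: List[ScanResult], policy: GatePolicy) -> List[ScanResult]:
    """Build scans are always evaluated; stage scans only if that stage was selected."""
    return [s for s in scans if s.source == BUILD or s.source in policy.include_stages]


def aggregate(scans: List[ScanResult], per_project: bool) -> Dict[str, Dict[str, int]]:
    """Sum issue counts per severity, either per project or into one 'all' bucket."""
    totals: Dict[str, Dict[str, int]] = {}
    for s in scans:
        scope = s.project if per_project else "all"
        bucket = totals.setdefault(scope, {sev: 0 for sev in SEVERITIES})
        for sev, n in s.counts.items():
            bucket[sev] = bucket.get(sev, 0) + n
    return totals


def evaluate_gate(scans: List[ScanResult], policy: GatePolicy) -> dict:
    """Fail the gate when any scope exceeds the configured maximum for a severity."""
    totals = aggregate(select_scans(scans, policy), policy.per_project)
    violations = []
    for scope, counts in totals.items():
        for sev, limit in policy.max_issues.items():
            found = counts.get(sev, 0)
            if found > limit:
                violations.append((scope, sev, found, limit))
    return {"passed": not violations, "totals": totals, "violations": violations}


# Constructed sample: two projects, each with a build scan and a Development-stage scan.
SAMPLE_SCANS = [
    ScanResult("inventory-service", BUILD, {"critical": 0, "high": 24, "medium": 7}),
    ScanResult("inventory-service", "Development", {"high": 1, "low": 3}),
    ScanResult("billing-api", BUILD, {"high": 2, "medium": 12}),
    ScanResult("billing-api", "Development", {"medium": 4}),
]

# Constructed policy: no critical issues, at most four high issues, evaluated per project,
# counting both build scans and scans from the Development stage.
SAMPLE_POLICY = GatePolicy(
    max_issues={"critical": 0, "high": 4},
    per_project=True,
    include_stages=("Development",),
)

if __name__ == "__main__":
    result = evaluate_gate(SAMPLE_SCANS, SAMPLE_POLICY)
    print("gate passed:", result["passed"])
    for scope, sev, found, limit in result["violations"]:
        print(f"  {scope}: {found} {sev} issues exceed limit of {limit}")
```

Switching `per_project` to `False` rolls every selected scan into a single total, so a project that is individually within limits can still fail the gate once its issues are combined with another project's; leaving `include_stages` empty evaluates only the build scans that feed the snapshot.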
Conclusion
Using the Scan Gate, you will be able to more efficiently evaluate vulnerabilities within your code during the release automation process. We are eager to see our customers leverage all the great release automation features in FlexDeploy!