Request A Demo
Back to All Blog Articles

Enhancing Release Security with FlexDeploy: Pipeline Scan Gate

Code analysis plays a vital role in the software development life cycle, ensuring that your code is free of bugs, devoid of vulnerabilities, and compliant with industry standards. Since version 6.0, FlexDeploy has provided integrations for static code analysis, vulnerability scanning, and dynamic application security testing. With the release of version 7.0, automatic aggregation and evaluation of code scans is available through pipelines. In this blog post, we will dive into the implementation of the new Pipeline Scan Gate, aimed at enhancing the security levels of your releases.

Scan Gate Example

In FlexDeploy, code scans can be executed within workflows. Typically, utility workflows are employed to focus solely on analyzing source code. However, any workflow can be configured to conduct a scan on a project. Upon execution, vulnerabilities and code issues detected by the scan can be accessed on the “Scan Results” page within the project’s execution. For detailed instructions on setting up code analysis within FlexDeploy, view SAST and DAST Scan Integration.

Pipeline Setup

When incorporating the new Scan Gate into a pipeline, several factors need to be considered. Maximum issue counts can be defined for each severity level of the scans. If the issue count exceeds the specified number, the gate will fail. Scan results can be evaluated either per project or cumulatively for all scans. The gate always evaluates scans performed from project build execution inputs to a snapshot. In addition to builds, you can choose to evaluate scans performed in any previous stages, encompassing all executions within the selected stage.

Scan Gate setup on a pipeline that evaluates by project for all scans performed on the Development stage.

Release Execution

The image below shows the snapshot execution page of our newly implemented Scan Gate. The gate assessed four different scans, all originating from either the builds for this snapshot or other project executions from the development stage. The gate failed due to the detection of 24 high severity issues in the first scan. During gate setup, the maximum high severity issue count was configured to be less than five.

Conclusion

Using the Scan Gate, you will be able to more efficiently evaluate vulnerabilities within your code during the release automation process. We are eager to see our customers leverage all the great release automation features in FlexDeploy!

Related Resources

Coming In FlexDeploy 9.0 – Credential Support For SSH Keys

Incorporating SSH keys are an easy way to add a layer of security to your development and delivery processes. Once ...

Unlock the Power of DevOps Compliance for Your Enterprise Software

In today’s fast-paced software development environment, ensuring compliance with regulatory standards and policies is not just a necessity—it’s a strategic ...

Streamline Your Oracle EBS with FlexDeploy: Escape the Burden of Legacy DevOps

Are you an IT Director or Oracle E-Business Suite Manager/Administrator struggling with outdated DevOps tools like Quest Stat for PeopleSoft ...

Join DevOps leaders across the globe who receive analysis, tips, and trends in their inbox