CI/CD pipeline issues - Administrator Guide - Cortex Cloud Posture Management - Cortex CLOUD

Cortex Cloud Posture Management Documentation

Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Posture Management
Creation date
2025-01-22
Last date published
2026-06-10
Category
Administrator Guide

Cortex Cloud categorizes every Medium, High and Critical CI/CD pipeline finding detected in an organization's environment as a CI/CD risk issue, so that remediation effort can be targeted at the findings that matter most. Only manual fixes are available for CI/CD pipeline risk issues; no automated fix is offered.

The CI/CD Risks Issues table is a filtered view of the broader Issues table found under Cases & Issues: it shows only issues categorized as CI/CD risks, and of those, only issues generated from findings detected during periodic scans. The comprehensive Issues table, in contrast, lists all CI/CD risk issues regardless of their detection source (periodic, pull request (PR) and continuous integration (CI) scans). Keep this in mind when triaging: an issue raised by a PR or CI scan does not appear in the CI/CD Risks view and must be found under Cases & Issues.
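The following Python snippet is an added illustration of the two views described above; it is not Cortex Cloud code and does not use the product's API. It models findings as dictionaries with assumed field names (id, severity, source, asset), promotes Medium/High/Critical findings to CI/CD risk issues, and shows which of those issues the narrower CI/CD Risks table drops because they came from PR or CI scans. The sample findings are constructed for the example.

```python
"""Model of which CI/CD findings become issues and which table lists them.

Illustrative only: the field names and the 'source' values are assumptions
for this example, not the product's API or export schema.
"""

# Severities that are promoted from finding to CI/CD risk issue.
ISSUE_SEVERITIES = {"Critical", "High", "Medium"}

# Constructed sample findings (not real data). 'source' is an assumed field
# naming the scan type that produced the finding.
FINDINGS = [
    {"id": "f-1", "severity": "Critical", "source": "periodic", "asset": "org/app"},
    {"id": "f-2", "severity": "Low", "source": "periodic", "asset": "org/app"},
    {"id": "f-3", "severity": "High", "source": "pr", "asset": "org/app"},
    {"id": "f-4", "severity": "Medium", "source": "ci", "asset": "org/infra"},
    {"id": "f-5", "severity": "Informational", "source": "ci", "asset": "org/infra"},
]


def ci_cd_risk_issues(findings):
    """All CI/CD risk issues, as the comprehensive Issues table lists them:
    every Medium/High/Critical finding, regardless of detection source."""
    return [f for f in findings if f["severity"] in ISSUE_SEVERITIES]


def ci_cd_risks_table(findings):
    """The CI/CD Risks Issues table: the same issues, restricted to those
    generated from periodic scans."""
    return [f for f in ci_cd_risk_issues(findings) if f["source"] == "periodic"]


def only_in_issues_table(findings):
    """IDs of CI/CD risk issues that exist only under Cases & Issues > Issues
    (PR- and CI-scan sourced). Use this to check that triage driven from the
    CI/CD Risks view alone is not silently missing issues."""
    every = {f["id"] for f in ci_cd_risk_issues(findings)}
    narrow = {f["id"] for f in ci_cd_risks_table(findings)}
    return sorted(every - narrow)


if __name__ == "__main__":
    print("Issues table:", [f["id"] for f in ci_cd_risk_issues(FINDINGS)])
    print("CI/CD Risks table:", [f["id"] for f in ci_cd_risks_table(FINDINGS)])
    print("Not shown in CI/CD Risks view:", only_in_issues_table(FINDINGS))
```

Running the block prints the three lists; with the sample data the Low and Informational findings never become issues, and the High (PR) and Medium (CI) issues are visible only in the comprehensive Issues table.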

How to access CI/CD pipeline risk issues

To access CI/CD pipeline risk issues, under Modules, select Application Security > Issues > CI/CD Risks.

CI/CD pipeline risk issue inventory

Below are selected properties of the CI/CD pipeline risk issue inventory.

Severity: The CI/CD pipeline risk severity level. Values: Critical, High, Medium, Low, Informational, unknown

Issue Name: The name assigned to the CI/CD pipeline risk issue. Corresponds to the CI/CD rule that detected the risk

Category: The type of issue. Values: Code, Configuration

Description: A description of the issue

Finding ID: The identifier of the finding on which the issue is based

Provider: The version control system (such as GitHub) or CI tool (such as GitHub Actions) hosting the CI/CD pipeline in which the issue was detected

Asset Name: The name of the asset in which the issue was detected

Asset ID: The identifier of the asset in which the issue was detected

Asset Category: The category of the asset (such as Repository or CI/CD Pipeline) in which the issue was detected

Status: The status of the issue. Values: New, Resolved, Under Investigation

Domain: Fixed value: Posture

Last Updated: The time of the most recent scan that detected the finding which generated the issue

Backlog Status: Indicates whether the issue is categorized as Backlog (pre-existing technical debt) or New (a recently introduced vulnerability). To understand how issues are categorized as Backlog or New, refer to Issue/Finding classification by scanner