By integrating CI tools, you get two main benefits: code scans and streamlined security workflows. This is achieved by inserting code snippets directly into your existing CI workflows, which then use the Cortex CLI to trigger automated security checks:
Code scans:
Code scanning for IaC (Infrastructure as Code): Finds misconfigurations in your IaC files, ensuring your cloud and infrastructure environments are secure from the start
Software Composition Analysis (SCA) scans: Identifies vulnerabilities in open-source libraries and third-party components, along with license misconfigurations and package integrity issues
Secrets detection: Finds hardcoded secrets, such as API keys and passwords, in your code and pipelines to prevent unauthorized access and data breaches
Streamlined workflows: By integrating security scans directly into your CI/CD pipelines, you achieve a shift-left security model, moving security from a final check to an early, continuous process within the development lifecycle.
Early threat detection: You can identify and fix security threats as soon as they are introduced
Automated and seamless integration: The use of code snippets and a unified CLI makes the security checks a seamless part of your existing CI process, requiring no manual intervention
You can integrate your CI tools and systems through the platform wizard or by directly adding a code snippet to your pipelines in supported systems.
Integrate CI tools via the tenant UI wizard
Cortex Cloud Application Security supports the following CI tools for onboarding via the UI wizard:
CircleCI for code scans (For CircleCI CI/CD pipeline scans, refer to CI/CD)
Cortex CLI (For information about using the Cortex CLI, refer to Cortex CLI)
Jenkins for code scans (For Jenkins CI/CD pipeline scans, refer to CI/CD)
Manage CI Tools
To access CI tool management, navigate to → → → .
You can perform the following actions on CI tools:
Delete an instance: → →
Remove a connected repository: → →
Select the repository branches to be scanned: → → → →
Perform a manual scan of the repository: → →