The CI/CD instance inventory provides multiple ways to investigate an instance asset, from quick agentic queries in the main table to deep-dive configuration analysis in the side panel.
Select a CI/CD instance row in the table to open its side panel. This provides a consolidated workspace for investigating platform-level security posture without navigating away from the asset inventory. The health profile represents the current security state of the CI/CD platform configuration.
Ask the AppSec agentic assistant
From the CI/CD Instances table, select the Agentic icon and then select Application Security from the agents menu. You can then query instance-specific insights.
You can also access the agent in the side panel by clicking the Ask AI icon.
Explore the instance context
Navigate through the following tabs in the side panel to review the instance context. This helps prioritize remediation efforts based on platform criticality and assess the potential impact of misconfigurations:
Overview tab: Displays key instance properties, including the provider type, instance URL, and platform version. Also shows the severity breakdown of CI/CD configuration risk issues associated with the instance
Pipelines tab: Displays all CI/CD pipelines hosted on the CI/CD instance. Select a pipeline row to open the CI/CD pipeline asset side panel for cross-asset investigation without navigating away from the CI/CD instance context
Compliance tab: Displays the compliance posture of the CI/CD instance against relevant industry frameworks and security benchmarks
Investigate and remediate issues
You can investigate specific security findings directly from the asset side panel. From the Overview tab, you can select specific issues or cases associated with the CI/CD instance, or you can investigate risks by category using the dedicated issues tab:
| Tab name | Description |
|---|---|
| CI/CD Configuration | Displays CI/CD configuration risk findings detected at the instance level by the CI/CD scanner. Each risk finding includes the detection rule identifier, risk name and description, severity level, OWASP CI/CD Top 10 category mapping, and evidence sentence with linked metadata |
Selecting an issue opens a dedicated issue side card directly over the inventory view. This allows you to review detailed information, including the detection rule, severity level, OWASP CI/CD Top 10 category mapping, and evidence, and apply remediation guidance without losing your place in the asset inventory.
Note
Navigate to the dedicated → → page to manage the CI/CD risks remediation lifecycle at scale through bulk status updates, team assignments, and SLA tracking for compliance monitoring.
Execute asset actions
After reviewing the instance health, you can perform the following operations:
Open in Provider: Available from the side panel Actions menu. Click Open in Provider to navigate directly to the CI/CD platform console at the instance URL (for example, the Jenkins dashboard or the GitHub organization page)
View asset data: Available from either the side panel Actions menu or by right-clicking the resource in the main table. Click View asset data to view raw instance data in JSON (default) or tree view formats to assist with custom integrations, XQL queries, or API operations
Limitations
| Limitation | Description |
|---|---|
| CI/CD integration required | CI/CD instance assets are only created through active CI/CD integrations. Disconnected or removed CI/CD integrations result in the CI/CD instance asset no longer receiving updated scan data |
| Provider support scope | CI/CD instance discovery is limited to supported providers: Jenkins, GitHub Actions, GitLab CI, Azure Pipelines, and CircleCI. CI/CD platforms on unsupported providers are not discovered as instance assets |
| No Code-to-Cloud lineage | The CI/CD instance asset does not directly participate in the Code-to-Cloud relationship graph. Code-to-Cloud lineage is tracked at the CI/CD pipeline level, not the instance level |
| Instance URL availability | The Instance URL property is populated only when the CI/CD integration provides the platform URL. Instances without a discoverable URL display an empty Instance URL field |
| Version data availability | The Version property is populated only for CI/CD providers that expose platform version metadata through the integration (for example, Jenkins). Not all CI/CD providers expose version information |
| CI/CD Configuration Scan policy restrictions | The CI/CD Configuration Scan policy type supports only the Periodic Scan trigger. PR Scan, CI Code Scan, CI Image Scan, and Image Registry Scan triggers are not available for CI/CD Configuration Scan policies |
| Security posture aggregation scope | The instance-level security health profile aggregates CI/CD configuration risk findings only. Vulnerability, code weakness, and secrets findings are tracked at the repository and pipeline levels, not the instance level |