Application Security scans management - Administrator Guide - Cortex Cloud Posture Management - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Runtime Security
Creation date
2024-12-24
Last date published
2026-06-10
Category
Administrator Guide
Abstract


Cortex Cloud Application Security provides centralized visibility into security scan results across the Software Development Life Cycle (SDLC). The scan management interface aggregates results from three scan types (Branch Periodic scans, CI scans, and Pull Request scans) into dedicated inventory views that surface, for every scanned repository, scan health, an issue severity breakdown, and a breakdown of findings by security category (for example vulnerabilities or secrets). It enables you to monitor scan execution health, identify repositories with failed or partial scans, investigate scan-level issues by category, and trigger rescans for repositories that require re-evaluation.

Scope: Scan management displays scan results and scan health telemetry. Scan management does not configure scanners, manage repositories, create policies, or enforce guardrails.

Manage scans via the tenant (UI)

The tenant provides a centralized, visual interface to track scan health, status, scope, and detected issues across your pipelines and repositories. It offers inventory views, side-panel drill-downs, and management actions for monitoring and investigating security scans.

Manage scans via public APIs

To support automated workflows at scale, the Cortex Cloud Application Security public API for scan management enables programmatic access to scan lifecycle operations. These APIs provide the scan orchestration and observability layer that connects scan execution to programmatic governance workflows. This allows you to integrate scan orchestration, health monitoring, and result analysis directly into CI/CD pipelines, custom dashboards, and compliance reporting systems without requiring manual interaction with the console. For more information, refer to Manage scans through public APIs.

Core achievements
  • Scan health monitoring: The scan inventory surfaces the health status of every scan (Completed, Error, Partially Completed, or In Progress), enabling rapid identification of repositories where scanners are failing or producing incomplete results

  • Issue and finding visibility: Each scan row provides severity breakdowns (Critical, High, Medium, Low) and type breakdowns (IaC, Secrets, Vulnerabilities, Licenses, Code Weaknesses, CI/CD Risks) that quantify the security signal produced by the scan without requiring navigation to the issues inventory

  • Coverage gap detection: Repositories that do not appear in the periodic scan inventory or that show persistent scan errors indicate coverage gaps that require investigation and remediation

  • Policy enforcement verification: PR scan results display the blocking policy name when a pull request is blocked by a Unified Application Security Policy, enabling verification that policy enforcement is functioning as configured

  • Rescan capability: Failed or partially completed periodic scans can be rescanned directly from the inventory or the side panel, enabling rapid recovery from transient scan failures

Functional responsibilities
  • AppSec managers (Governance): Review scan health across the repository fleet to identify repositories with failed or partially completed scans. Monitor scan coverage by verifying that all onboarded repositories have recent scan results. Investigate scan-level issue breakdowns to validate that scanner configurations are producing actionable security intelligence. Use scan health trends to inform scanner enablement and policy decisions

  • AppSec practitioners (Operations): Investigate individual scan results to understand the issues and findings detected by each scanner type. Trigger rescans for repositories with failed or partially completed periodic scans. Monitor PR scan results to verify that pull request scanning is blocking policy-violating code changes. Track CI scan results to ensure build pipeline security checks are executing correctly
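As an added example (not Cortex's own code or API), the following Python script performs the triage described under Core achievements and Functional responsibilities above over a constructed periodic scan inventory: it lists rescan candidates (Error or Partially Completed), flags coverage gaps (onboarded repositories with no recent Completed scan), and sums severities fleet-wide. The record layout, field names, and the seven-day freshness threshold are assumptions; in practice the records would be fetched through the public API referenced above.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Scan health states named on this page; the two below are the rescan triggers.
RESCAN_STATES = {"Error", "Partially Completed"}
SEVERITIES = ("Critical", "High", "Medium", "Low")

@dataclass
class ScanRecord:                      # assumed layout, not the product's schema
    repo: str
    status: str                        # Completed | Error | Partially Completed | In Progress
    finished: datetime | None          # None while the scan is still In Progress
    severity: dict = field(default_factory=dict)   # e.g. {"Critical": 1, "High": 3}

def triage(onboarded, scans, now, max_age=timedelta(days=7)):
    """Classify periodic scan records the way the AppSec roles above would.

    rescan: repos whose most recent scan is Error or Partially Completed
    gaps:   onboarded repos with no Completed scan newer than max_age
            (never scanned, or persistent errors since the last good run)
    totals: fleet-wide severity counts from each repo's latest Completed scan
            (partial scans are excluded, since their counts are incomplete)
    """
    latest, latest_ok = {}, {}
    for s in scans:
        ts = s.finished or now         # an In Progress scan is the newest by definition
        if s.repo not in latest or (latest[s.repo].finished or now) < ts:
            latest[s.repo] = s
        if s.status == "Completed" and (s.repo not in latest_ok or latest_ok[s.repo].finished < ts):
            latest_ok[s.repo] = s
    rescan = sorted(r for r, s in latest.items() if s.status in RESCAN_STATES)
    gaps = sorted(r for r in onboarded
                  if r not in latest_ok or now - latest_ok[r].finished > max_age)
    totals = {sev: sum(s.severity.get(sev, 0) for s in latest_ok.values()) for sev in SEVERITIES}
    return {"rescan": rescan, "gaps": gaps, "totals": totals}

def sample_report():
    """Constructed sample inventory (not real tenant data) exercising every scan state."""
    d = lambda day: datetime(2025, 1, day, tzinfo=timezone.utc)
    now = d(15)
    onboarded = ["org/api", "org/web", "org/infra", "org/legacy"]   # org/legacy never scanned
    scans = [
        ScanRecord("org/api", "Completed", d(14), {"Critical": 1, "High": 3}),
        ScanRecord("org/api", "In Progress", None),
        ScanRecord("org/web", "Completed", d(10), {"High": 2, "Low": 4}),
        ScanRecord("org/web", "Error", d(14)),
        ScanRecord("org/infra", "Completed", d(1), {"High": 1}),      # last good run is stale
        ScanRecord("org/infra", "Partially Completed", d(13), {"Medium": 1}),
    ]
    return triage(onboarded, scans, now)

if __name__ == "__main__":
    print(sample_report())
```

Note that org/infra appears in both lists: its latest scan needs a rescan, and because no Completed scan has landed within the threshold, it is also a coverage gap.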