CI/CD Compliance - CI/CD compliance ensures adherence to industry standards: CIS GitLab/GitHub and OWASP Top 10. - Administrator Guide - Cortex Cloud Posture Management - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Runtime Security
Creation date
2024-12-24
Last date published
2026-06-16
Category
Administrator Guide
Abstract

CI/CD compliance ensures adherence to industry standards: CIS GitLab/GitHub and OWASP Top 10.

Cortex Cloud CI/CD compliance focuses on the security posture of your delivery pipelines and version control systems. It detects misconfigurations, such as insecure branch protections or permissive runner access, that violate software supply chain security benchmarks.

Supported standards: Cortex Cloud supports compliance checks against the CIS GitLab Benchmark v1.0.1, CIS GitHub Benchmark v1.0.0, and the OWASP Top 10 CI/CD Risks v2025.

Scope of checks:

  • Pipeline risks: Poisoned Pipeline Execution (PPE), insecure configurations

  • VCS security: Repository permissions, branch protection, access controls

  • Build security: Supply chain risks, credential management
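As an added illustration of the kind of misconfiguration these VCS and pipeline checks look for, the following example code (written for this page, not Cortex Cloud's rule engine) evaluates a constructed branch-protection settings object against CIS-style controls and inspects a constructed GitHub Actions workflow for the classic Poisoned Pipeline Execution pattern. The settings schema is a simplified, hypothetical one shaped loosely like the GitHub API.

```python
# Constructed sample: branch-protection settings for a repository's default
# branch, shaped loosely like the GitHub API response (simplified, hypothetical).
SAMPLE_BRANCH_PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 0,
                                      "dismiss_stale_reviews": False},
    "required_signatures": False,
    "allow_force_pushes": True,
    "enforce_admins": False,
}

# Constructed sample: a GitHub Actions workflow as a parsed dict (note: PyYAML
# would load the bare `on` key as True). It triggers on pull_request_target,
# which runs with repository secrets, and checks out the pull request head.
SAMPLE_WORKFLOW = {
    "on": {"pull_request_target": {}},
    "jobs": {"build": {"steps": [
        {"uses": "actions/checkout@v4",
         "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
        {"run": "npm install && npm test"},
    ]}},
}

def check_branch_protection(bp: dict) -> list[str]:
    """Findings for VCS branch-protection weaknesses (CIS-style controls)."""
    findings = []
    reviews = bp.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        findings.append("no approving review required before merge")
    if not reviews.get("dismiss_stale_reviews", False):
        findings.append("stale reviews are not dismissed on new commits")
    if not bp.get("required_signatures", False):
        findings.append("signed commits are not required")
    if bp.get("allow_force_pushes", False):
        findings.append("force pushes to the protected branch are allowed")
    if not bp.get("enforce_admins", False):
        findings.append("administrators can bypass branch protection")
    return findings

def check_ppe(workflow: dict) -> list[str]:
    """Flag the PPE pattern: privileged trigger + checkout of untrusted PR code + run."""
    findings = []
    if "pull_request_target" not in (workflow.get("on") or {}):
        return findings
    for name, job in (workflow.get("jobs") or {}).items():
        steps = job.get("steps", [])
        checks_out_pr_head = any("actions/checkout" in str(s.get("uses", "")) and
            "pull_request.head" in str((s.get("with") or {}).get("ref", "")) for s in steps)
        if checks_out_pr_head and any("run" in s for s in steps):
            findings.append(f"job '{name}': pull_request_target checks out and runs PR head code")
    return findings
```

Running both checks over the samples yields five branch-protection findings and one PPE finding; a hardened configuration (reviews required, stale reviews dismissed, signatures required, force pushes blocked, admins enforced, and no privileged trigger running PR code) yields none.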