CI/CD risks identify vulnerabilities and misconfigurations in pipelines, then prioritize them into actionable issues for efficient remediation.
CI/CD pipeline risks are a set of predefined rules that identify pipeline vulnerabilities. Scans analyze both the code and the configurations of the integrated VCS and CI/CD systems and pipelines, as well as their interconnectivity, to detect these risks. The risks are classified by security category, including attack vectors, misconfigurations, and bad practices found throughout your CI/CD pipelines.
CI/CD pipeline risk findings, detected during scans, are displayed in a dedicated table for analysis and investigation. Cortex Cloud Application Security then applies context and prioritizes these findings to create CI/CD pipeline risk issues. These issues represent the smallest unit of risk that can be remediated, and are displayed in their own dedicated inventory. You can remediate CI/CD pipeline risk issues manually by applying suggested fixes.
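To make the rule-based model concrete, the following added example (not Cortex Cloud code, and not one of its predefined rules) shows what a pipeline-risk rule looks like in practice: it scans a constructed GitHub Actions workflow for two common bad practices, third-party actions referenced by a mutable tag or branch instead of a full commit SHA, and a workflow-wide `permissions: write-all` grant, then ranks the raw findings by severity the way a prioritization step would before turning them into remediable issues. The rule names, severities, and the sample workflow text are all assumptions made for illustration.

```python
import re

# Constructed sample workflow for illustration only; the commit SHA below is
# a made-up 40-hex-character value, not a real upstream commit.
SAMPLE_WORKFLOW = """\
name: build
on: [push, pull_request]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
      - uses: some-org/deploy-action@main
      - run: npm ci && npm test
"""

# Matches "uses: <ref>" step lines; captures the action reference.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A full-length commit SHA is the only immutable way to pin an action.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Workflow- or job-level blanket write permissions.
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\b")

# Hypothetical severity ranking used for prioritization (not Cortex's scale).
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def rule_unpinned_actions(workflow_text):
    """Flag third-party actions not pinned to a full commit SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and container images are out of scope for this rule.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.rpartition("@")
        if "@" not in ref or not SHA_RE.match(version):
            findings.append({
                "rule": "unpinned-action",      # hypothetical rule id
                "severity": "medium",
                "line": lineno,
                "detail": ref,
                "fix": "pin to a full commit SHA",
            })
    return findings


def rule_broad_permissions(workflow_text):
    """Flag GITHUB_TOKEN grants of write-all."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        if WRITE_ALL_RE.match(line):
            findings.append({
                "rule": "broad-token-permissions",  # hypothetical rule id
                "severity": "high",
                "line": lineno,
                "detail": line.strip(),
                "fix": "grant only the scopes each job needs",
            })
    return findings


RULES = [rule_unpinned_actions, rule_broad_permissions]


def scan_workflow(workflow_text):
    """Run every rule and return findings ordered highest severity first."""
    findings = []
    for rule in RULES:
        findings.extend(rule(workflow_text))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["line"]))


if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"[{f['severity']}] line {f['line']}: {f['rule']} ({f['detail']}) -> {f['fix']}")
```

Each rule is a pure function over the workflow text, so new checks can be added to `RULES` without touching the scan loop; the sort at the end is the simplest form of the "apply context and prioritize" step, where severity (and in a real product, reachability and blast radius) decides which finding becomes the first issue to remediate.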
Note
Cortex Cloud Application Security CI/CD pipeline scans create a comprehensive inventory of all CI/CD pipelines in your environment. For more information, refer to CI/CD pipeline as an asset.