Integrate CI tools - Administrator Guide - Cortex Cloud Posture Management - Cortex CLOUD

Cortex Cloud Application Security

Product
Cortex Cloud Posture Management
Cortex Cloud Application Security > Cortex CLOUD
Creation date
2025-01-22
Last date published
2026-05-31
Category
Administrator Guide

By integrating CI tools, you get two main benefits: code scans and streamlined security workflows. This is achieved by inserting code snippets directly into your existing CI workflows, which then use the Cortex CLI to trigger automated security checks:

  • Code scans:

    • Code scanning for IaC (Infrastructure as Code): Finds misconfigurations in your IaC files, ensuring your cloud and infrastructure environments are secure from the start

    • Software Composition Analysis (SCA) scans: Identifies vulnerabilities in open-source libraries and third-party components, along with license misconfigurations and package integrity issues

    • Secrets detection: Finds hardcoded secrets, such as API keys and passwords, in your code and pipelines to prevent unauthorized access and data breaches

  • Streamlined workflows: By integrating security scans directly into your CI/CD pipelines, you achieve a shift-left security model, moving security from a final check to an early, continuous process within the development lifecycle.

    • Early threat detection: You can identify and fix security threats as soon as they are introduced

    • Automated and seamless integration: The use of code snippets and a unified CLI makes the security checks a seamless part of your existing CI process, requiring no manual intervention

You can integrate your CI tools and systems through the platform wizard or by directly adding a code snippet to your pipelines in supported systems.

Integrate CI tools via the tenant UI wizard

Cortex Cloud Application Security supports the following CI tools for onboarding via the UI wizard:

Manage CI Tools

To access CI tool management, navigate to Settings > Data Sources & Integrations > hover over a CI tool > View Details.

You can perform the following actions on CI tools:

  • Delete an instance: Right-click on an instance of the CI tool > Delete instance > Delete

  • Remove a connected repository: Select an instance of the CI > right-click on a repository > Remove Repository

  • Select the repository branches to be scanned: Select an instance of the CI > right-click on a repository > Set Scanned Branches > select a branch/multiple branches > Save

  • Perform a manual scan of the repository: Select an instance of the CI > right-click on a repository > Scan Repository