The CI/CD pipeline inventory provides the identity, provider context, build activity, security health, and deployment traceability needed to manage every pipeline as a governed asset, from discovery through remediation.
Cortex XDR discovers and inventories every CI/CD platform instance connected through active CI/CD integrations. Each CI/CD instance, whether a Jenkins server, GitHub Actions organization, GitLab CI group, Azure DevOps organization, or CircleCI organization, appears in the unified asset inventory as the platform-level entity that hosts and executes CI/CD pipelines, carrying its identity metadata, CI/CD provider, platform version, instance URL, associated pipelines, and aggregated security health.
The CI/CD instance asset enables security teams to answer three questions about every CI/CD platform: what CI/CD platforms exist in the organization, what is the security posture of each platform, and which pipelines does each platform host.
Note
Scope: The CI/CD instance asset represents a CI/CD platform instance discovered through an active CI/CD integration. The CI/CD instance asset captures the platform identity, version, and aggregated security posture across all pipelines hosted on the instance. The CI/CD instance asset does not represent individual CI/CD pipelines, pipeline runs, or build logs; individual pipelines are managed as a separate asset category (CI/CD Pipeline), and pipeline runs are tracked as scan events. The CI/CD instance asset does not represent VCS organizations; VCS organizations are managed under the VCS Organization asset category.
The CI/CD pipeline asset represents a CI/CD pipeline definition associated with an onboarded repository or CI/CD integration. The CI/CD pipeline asset captures the pipeline configuration and build activity as discovered through CI/CD scanning. The CI/CD pipeline asset does not represent individual pipeline runs, build logs, or CI/CD scan results; pipeline runs are tracked as scan events, and CI/CD risk findings are managed as issue types under Application Security Issues. The CI/CD pipeline asset does not represent CI/CD instances (e.g., Jenkins servers, GitHub organizations); CI/CD instances are managed as a separate asset category.
The repository asset represents a VCS repository onboarded into Cortex XDR. The repository asset does not represent container image repositories, artifact registries, or cloud resource inventories; those asset categories are managed under the Compute and Cloud asset classes respectively.
The CI/CD instance asset is the foundational unit of platform-level CI/CD governance in Cortex Cloud Application Security. The CI/CD instance inventory provides the identity, provider context, platform version, aggregated security health, and pipeline visibility needed to manage every CI/CD platform as a governed asset, from discovery through remediation.
Instance discovery and identity: Every CI/CD platform instance connected through a CI/CD integration is automatically discovered and registered in the unified asset inventory with a unique asset identifier, instance name, CI/CD provider, and instance URL. The CI/CD instance asset serves as the persistent identity record for the CI/CD platform
Instance-level security posture aggregation: The CI/CD instance asset carries a security health profile aggregating CI/CD configuration risk findings from the CI/CD Risks scanner into a severity breakdown: the count of Critical, High, Medium, and Low issues. Instance-level aggregation provides a platform-wide security view that surfaces systemic configuration risks affecting all pipelines hosted on the instance
Pipeline aggregation and visibility: The CI/CD instance asset provides direct visibility into all CI/CD pipelines hosted on the instance through the Pipelines tab, enabling platform-level pipeline management and cross-pipeline risk assessment
Coverage measurement: The Coverage page tracks the scanning coverage status of CI/CD instances, enabling AppSec Managers to identify CI/CD platforms that are not actively monitored for configuration risks
The CI/CD instance asset model facilitates a structured delegation between governance and operations:
AppSec managers (Governance): Review the CI/CD instance inventory to identify platform-level configuration risks mapped to the OWASP CI/CD Top 10, assess provider-level coverage gaps, and evaluate the security posture of each CI/CD platform across the organization. Define unified policies using the CI/CD Configuration Scan policy type to enforce platform security standards across all onboarded CI/CD integrations. Prioritize remediation based on the concentration of Critical and High severity CI/CD risk findings per instance
AppSec practitioners (Operations): Investigate CI/CD instance configuration risks and apply remediation guidance at the platform level. Navigate from the CI/CD instance to individual pipelines hosted on the instance to assess pipeline-level risks. Track remediation progress through resolution statuses and SLA compliance
Cortex XDR models the following relationships between the CI/CD instance asset and other asset categories to provide organizational context and aggregate security posture.
| Related asset category | Inherited metadata and description |
|---|---|
| VCS organization (Parent) | The VCS organization that the CI/CD instance is associated with (for example, the GitHub organization that hosts GitHub Actions workflows). The CI/CD instance is attached to the VCS organization for organizational context. The CI/CD instance inherits the VCS organization provider type and organizational context |
| CI/CD pipeline (Child) | CI/CD pipelines hosted and executed by the CI/CD instance. The instance aggregates security posture across all child pipelines. Child pipelines inherit the CI/CD instance provider type. The CI/CD instance aggregates pipeline-level CI/CD risk findings into the instance-level security health profile |
CI/CD instance assets inventory
To view and manage CI/CD instance assets, you must have:
At least one CI/CD integration active (GitHub Actions, GitLab CI, Jenkins, Azure Pipelines, Bitbucket Pipelines, CircleCI, Argo CD, AWS CodeBuild). CI/CD instances are discovered through active CI/CD integrations.
At least one completed periodic scan that includes CI/CD configuration scanning results
To access repository assets, go to Inventory, select → → .
The CI/CD instances assets page includes a dashboard and an inventory table.
The dashboard includes a widget displaying the connected CI/CD providers (such as Jenkins, GitHub Actions, and GitLab CI) and the number of instances found in each provider. Selecting an item in the widget filters the table accordingly.
The following table describes the default exposed properties of the CI/CD instance asset table. Select Menu Settings to view additional hidden properties.
| Property | Description |
|---|---|
| Name | The name of the CI/CD instance as discovered from the CI/CD integration. The Instance Name serves as the primary identifier for the CI/CD instance asset |
| Provider | The CI/CD platform type hosting the instance (Jenkins, GitHub Actions, GitLab CI, Azure Pipelines, CircleCI), displayed with a provider icon |
| URL | The direct URL to the CI/CD platform instance (for example, |
| Last Observed | The date and time when the CI/CD instance was most recently detected or synchronized by the active CI/CD integration. This timestamp helps verify that the integration is actively monitoring the platform |
| Pipeline Count | The total number of CI/CD pipelines hosted and executed by the CI/CD instance. This metric helps assess the scale, usage, and potential blast radius of the platform |
The CI/CD Instances page displays a table of all CI/CD instance assets discovered through active CI/CD integrations. Apply filters to narrow results based on operational and security metadata.
To effectively reduce the organization's CI/CD risk surface, apply the following filter combinations to prioritize remediation efforts:
Scope by CI/CD provider: Use the Provider filter (or dashboard widget) to isolate the inventory by provider (for example, Jenkins or GitHub Actions) to evaluate provider-specific misconfigurations and enforce platform-level security standards
Assess blast radius by pipeline count: Review the Pipeline Count attribute to identify the CI/CD instances hosting the largest number of pipelines. Securing these high-volume platforms effectively reduces risk across a broader segment of your development lifecycle
Right-click on a row in the inventory table to take the following actions:
Open in new tab: Opens the description tab of the asset for detailed analysis of the issue
View asset data: Opens a new pop-up window displaying the data retrieved for the asset during the most recent scan in either JSON (default) or tree view. This raw data provides a comprehensive and unformatted view of the asset's properties and attributes as they were initially ingested
Copy text to clipboard: Copies the selected text to the clipboard
Copy entire row: Copies the entire selected row data
Show/hide rows: Place the cursor on a value in a row, then filter the entire inventory to show or hide assets based on the selected attribute
Open in Cortex Assistant/Open in Cortex Agentic Assistant: Opens the repository in Cortex Assistant or Cortex Agentic Assistant.
Click the download icon (showing Export to file when hovering over the icon) in the top right of any asset page to export the asset data.
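The prioritization described above (Critical and High concentration first, pipeline count as blast radius, Last Observed as a monitoring check) can also be applied offline to exported rows. This is an added example, not Cortex code or its export schema: the key names, the sample rows, and the 14-day staleness threshold are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample rows; the key names are hypothetical, not the product's export schema.
ROWS = [
    {"name": "jenkins-prod", "provider": "Jenkins", "pipeline_count": 120,
     "last_observed": "2024-05-01T08:00:00+00:00",
     "issues": {"Critical": 2, "High": 5, "Medium": 9, "Low": 4}},
    {"name": "gha-platform", "provider": "GitHub Actions", "pipeline_count": 300,
     "last_observed": "2024-05-20T08:00:00+00:00",
     "issues": {"Critical": 0, "High": 1, "Medium": 3, "Low": 10}},
    {"name": "gitlab-legacy", "provider": "GitLab CI", "pipeline_count": 15,
     "last_observed": "2024-03-02T08:00:00+00:00",
     "issues": {"Critical": 1, "High": 0, "Medium": 0, "Low": 0}},
    {"name": "circleci-lab", "provider": "CircleCI", "pipeline_count": 4,
     "last_observed": "2024-05-19T08:00:00+00:00", "issues": {}},
]

def triage(rows, now, stale_after=timedelta(days=14), provider=None):
    """Rank instances for remediation and list those no longer being observed."""
    ranked, stale = [], []
    for row in rows:
        if provider and row["provider"] != provider:
            continue  # scope by CI/CD provider
        issues = row.get("issues") or {}
        crit_high = issues.get("Critical", 0) + issues.get("High", 0)
        seen = datetime.fromisoformat(row["last_observed"])
        if now - seen > stale_after:
            # Assumed threshold: posture data may be out of date, check the integration
            stale.append(row["name"])
        ranked.append((crit_high, row.get("pipeline_count", 0), row["name"]))
    # Most Critical+High findings first; pipeline count (blast radius) breaks ties
    ranked.sort(key=lambda r: (-r[0], -r[1], r[2]))
    return [name for _, _, name in ranked], stale

NOW = datetime(2024, 5, 21, tzinfo=timezone.utc)  # fixed so the result is reproducible

if __name__ == "__main__":
    order, stale = triage(ROWS, NOW)
    print("remediation order:", order)
    print("stale (check integration):", stale)
```

An instance that ranks high and is also stale deserves attention first, because its severity counts may no longer reflect the platform's current configuration.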
CI/CD instance assets details
Select a CI/CD instance row in the table to open its side panel. This provides a consolidated workspace for investigating platform-level security posture without navigating away from the asset inventory. The health profile represents the current security state of the CI/CD platform configuration.
From the CI/CD Instances table, select the Agentic icon and then select Application Security from the agents menu. You can then query instance-specific insights.
You can also access the agent in the side panel by clicking the Ask AI icon.
Navigate through the following tabs in the side panel to review the instance context. This helps prioritize remediation efforts based on platform criticality and assess the potential impact of misconfigurations:
Overview tab: Displays key instance properties, including the provider type, instance URL, and platform version. Also shows the severity breakdown of CI/CD configuration risk issues associated with the instance
Pipelines tab: Displays all CI/CD pipelines hosted on the CI/CD instance. Select a pipeline row to open the CI/CD pipeline asset side panel for cross-asset investigation without navigating away from the CI/CD instance context
Compliance tab: Displays the compliance posture of the CI/CD instance against relevant industry frameworks and security benchmarks
You can investigate specific security findings directly from the asset side panel. From the Overview tab, you can select specific issues or cases associated with the CI/CD instance, or you can investigate risks by category using the dedicated issues tab.
| Tab name | Description |
|---|---|
| CI/CD Configuration | Displays CI/CD configuration risk findings detected at the instance level by the CI/CD scanner. Each risk finding includes the detection rule identifier, risk name and description, severity level, OWASP CI/CD Top 10 category mapping, and evidence sentence with linked metadata |
Selecting an issue opens a dedicated issue side card directly over the inventory view. This allows you to review detailed information, including the detection rule, severity level, OWASP CI/CD Top 10 category mapping, and evidence, and apply remediation guidance without losing your place in the asset inventory.
Note
Navigate to the dedicated → → page to manage the CI/CD risks remediation lifecycle at scale through bulk status updates, team assignments, and SLA tracking for compliance monitoring.
After reviewing the instance health, you can perform the following operations:
Open in Provider: Available from the side panel Actions menu. Click Open in Provider to navigate directly to the CI/CD platform console at the instance URL (for example, the Jenkins dashboard or the GitHub organization page)
View asset data: Available from either the side panel Actions menu or by right-clicking the resource in the main table. Click View asset data to view raw instance data in JSON (default) or tree view formats to assist with custom integrations, XQL queries, or API operations
| Limitation | Description |
|---|---|
| CI/CD integration required | CI/CD instance assets are only created through active CI/CD integrations. Disconnected or removed CI/CD integrations result in the CI/CD instance asset no longer receiving updated scan data |
| Provider support scope | CI/CD instance discovery is limited to supported providers: Jenkins, GitHub Actions, GitLab CI, Azure Pipelines, and CircleCI. CI/CD platforms on unsupported providers are not discovered as instance assets |
| No Code-to-Cloud lineage | The CI/CD instance asset does not directly participate in the Code-to-Cloud relationship graph. Code-to-Cloud lineage is tracked at the CI/CD pipeline level, not the instance level |
| Instance URL availability | The Instance URL property is populated only when the CI/CD integration provides the platform URL. Instances without a discoverable URL display an empty Instance URL field |
| Version data availability | The Version property is populated only for CI/CD providers that expose platform version metadata through the integration (for example, Jenkins). Not all CI/CD providers expose version information |
| CI/CD Configuration Scan policy restrictions | The CI/CD Configuration Scan policy type supports only the Periodic Scan trigger. PR Scan, CI Code Scan, CI Image Scan, and Image Registry Scan triggers are not available for CI/CD Configuration Scan policies |
| Security posture aggregation scope | The instance-level security health profile aggregates CI/CD configuration risk findings only. Vulnerability, code weakness, and secrets findings are tracked at the repository and pipeline levels, not the instance level |