Learn about Application Security CI/CD policy Condition filters and attributes.
CI/CD policy Condition attributes allow you to narrow and focus your policy on specific configurations and risks within your pipelines, workflows and VCS systems.
The following attributes are supported:
Severity. Values: Select All, Critical, High, Medium, Low
Backlog Status. Values: Select All, Backlog, New
For more information about Backlog Status, refer to Backlog baseline
Respect Developer Suppression. Values: Select All, Yes, No
For more information on developer suppressions, see ??? below
Category. The top-level domain for organizing security findings. Values: Configuration, Vulnerability, Malware, Identity, Data, Code, Posture, Brand Protection
Provider: The CI/CD platform where the policy will look for misconfigurations. Values: Select All, GitLab CI, Azure Pipelines, GitHub Actions, Circle CI, Jenkins
AppSec Rule: A multi-selection list of available detection rules. Use the search field to find and select the relevant rules
AppSec Rule Label: A multi-selection list of available rule labels
Subcategory: Subcategories follow the OWASP Top 10 CI/CD Security Risks and similar standards. They define the specific technical security domain or attack vector being addressed, acting as granular filters that allow you to fine-tune the policy to target highly specific risks within your pipelines and VCS assets.
Subcategory Values: Third Party Services, Artifact Integrity Validation, Credential Hygiene, Data Protection, Dependency Chains, Identity & Access Management, Input Validation, Flow Control Mechanisms, Pipeline Based Access Control, Poisoned Pipeline Execution, System Configuration