Onboard CI/CD systems to scan for configuration threats in your organization's instance, pipelines, and individual repositories. By onboarding supported version control systems (such as GitHub and GitLab), you gain out-of-the-box CI/CD scanning capabilities. However, you must explicitly onboard CircleCI and Jenkins to enable scanning for those systems.
Onboarding CI/CD systems provides the following:
Organization instance configuration threats: This type of scan detects security issues at the level of the overall organization's instance of a version control system (VCS), such as GitHub. For example, it can flag risks such as Project webhook SSL verification disabled or Variable is not scoped to an environment.
Pipeline configuration risks: This scan identifies security risks within the configuration of your pipelines. Examples of risks it detects include Excessive GitHub Action permissions, Unpinned container image used in a pipeline, and CI instance accesses cloud provider using insecure long-term credentials.
Repository configuration issues: This scan checks for problems with the settings and configuration of individual code repositories. Examples include Forking of a private repository is allowed and a change in settings so that a review is no longer required before merging code.
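To make the pipeline-level category concrete, the following added example (not the product's own scanning rules, and not code from the page) shows how two of the risks named above, excessive GitHub Action permissions and an unpinned container image or action, can be detected in a GitHub Actions workflow file. The workflow text is constructed for illustration; the rule names and the `scan_workflow` function are assumptions made here, not identifiers from the product.

```python
import re

# Constructed sample workflow (not from the page). It deliberately contains
# three findings: workflow-level write-all permissions, an image pinned only
# by a mutable tag, and an action pinned by tag instead of a commit SHA.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: node:latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
      - run: npm ci
"""

# A 40-hex-digit Git commit SHA is the only immutable pin for a `uses:` ref;
# tags and branch names can be moved by the action's maintainer or an attacker.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
IMAGE_RE = re.compile(r"^\s*image:\s*([^\s#]+)")
# Matches `permissions: write-all` at any indentation, so a job-level
# override is flagged as well as a workflow-level one.
PERMS_RE = re.compile(r"^\s*permissions:\s*write-all\s*$")


def is_pinned_action(ref):
    """True if a `uses:` reference is a local action or is pinned to a full commit SHA."""
    if ref.startswith("./"):
        return True  # local action, versioned with the repository itself
    if "@" not in ref:
        return False
    _, version = ref.rsplit("@", 1)
    return bool(SHA_RE.match(version))


def is_pinned_image(image):
    """True if a container image reference carries a content digest (@sha256:...)."""
    return "@sha256:" in image


def scan_workflow(text):
    """Return a list of (line_no, rule, detail) findings for a GitHub Actions workflow.

    Rule names are hypothetical labels chosen for this example.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if PERMS_RE.match(line):
            findings.append((line_no, "excessive-permissions",
                             "permissions: write-all grants every scope to the GITHUB_TOKEN"))
            continue
        m = IMAGE_RE.match(line)
        if m and not is_pinned_image(m.group(1)):
            findings.append((line_no, "unpinned-image",
                             f"{m.group(1)} has no sha256 digest; the tag can change underneath the pipeline"))
            continue
        m = USES_RE.match(line)
        if m and not is_pinned_action(m.group(1)):
            findings.append((line_no, "unpinned-action",
                             f"{m.group(1)} is not pinned to a full commit SHA"))
    return findings


if __name__ == "__main__":
    for line_no, rule, detail in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: [{rule}] {detail}")
```

Run against the sample it reports three findings (lines 3, 8 and 10); the `setup-node` step on line 11 passes because its reference is a full commit SHA. A real scanner would parse the YAML rather than match lines, but the decision logic, full SHA for actions and a digest for images, is the same.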