Imagine that you want to validate the open vulnerabilities of a specific project and block your CI/CD pipeline according to pre-defined vulnerability policies. The Security Gate feature helps you with that by letting you define policies based on:
- Vulnerability Quantity by severity (Low, Medium, High, Critical)
- Vulnerability sources (For example, external integrations such as Checkmarx or Qualys, and also Conviso Platform scanners)
First, you need to define the policies for the specific project. For this example, let us define that a CI/CD pipeline must be blocked when there are more than 5 high severity vulnerabilities. If the defined policy condition is met, that is, the asset in fact has more than 5 high severity vulnerabilities, the Security Gate feature breaks the pipeline's job execution and reports the cause, with the details of why the gate was not passed.
For the previous example, the following policy rules can be used:
If you want to avoid validating a specific severity value, you just need to remove it from the rules content. For example, in case you want to validate only critical and high severity:
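To make the gate logic concrete, here is an added Python model of how such a security gate evaluates open findings against per-severity thresholds. It is an illustration written for this page, not the Conviso Platform's own rule syntax, API or code: the `policy` dictionary, the `sources` filter and the finding records are hypothetical constructions. It covers the two behaviours described above: the pipeline is blocked when a severity count exceeds its limit (the "more than 5 high" rule), and any severity left out of the policy is simply not validated (the "only critical and high" case). The optional `sources` argument models restricting the check to particular vulnerability sources, such as an external integration or the platform's own scanners.

```python
"""Model of a CI/CD security gate evaluating open findings against
per-severity policy thresholds. Added example for illustration only;
the rule format and finding records are hypothetical, not Conviso's."""
import sys
from collections import Counter
from dataclasses import dataclass, field

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed sample findings (not real data): 2 critical, 6 open high
# (one more high is already fixed), 2 medium and 1 low across three sources.
SAMPLE_FINDINGS = [
    {"id": "F-1", "severity": "critical", "source": "conviso", "status": "open"},
    {"id": "F-2", "severity": "critical", "source": "checkmarx", "status": "open"},
    {"id": "F-3", "severity": "high", "source": "conviso", "status": "open"},
    {"id": "F-4", "severity": "high", "source": "conviso", "status": "open"},
    {"id": "F-5", "severity": "high", "source": "conviso", "status": "open"},
    {"id": "F-6", "severity": "high", "source": "conviso", "status": "open"},
    {"id": "F-7", "severity": "high", "source": "checkmarx", "status": "open"},
    {"id": "F-8", "severity": "high", "source": "qualys", "status": "open"},
    {"id": "F-9", "severity": "high", "source": "conviso", "status": "fixed"},
    {"id": "F-10", "severity": "medium", "source": "conviso", "status": "open"},
    {"id": "F-11", "severity": "medium", "source": "qualys", "status": "open"},
    {"id": "F-12", "severity": "low", "source": "conviso", "status": "open"},
]


@dataclass
class GateResult:
    """Outcome of a gate evaluation: pass/fail plus the reasons reported back."""
    passed: bool
    reasons: list = field(default_factory=list)
    counts: dict = field(default_factory=dict)


def count_open_findings(findings, sources=None):
    """Count open findings per severity, optionally restricted to given sources."""
    counts = Counter()
    for finding in findings:
        if finding.get("status", "open") != "open":
            continue  # fixed or risk-accepted findings do not count against the gate
        if sources is not None and finding.get("source") not in sources:
            continue
        severity = finding["severity"].lower()
        if severity not in SEVERITIES:
            raise ValueError(f"unknown severity: {severity!r}")
        counts[severity] += 1
    return dict(counts)


def evaluate_gate(findings, policy, sources=None):
    """Block when any severity named in `policy` has more open findings than
    its limit. Severities absent from `policy` are not validated at all."""
    counts = count_open_findings(findings, sources)
    reasons = []
    for severity, limit in policy.items():
        severity = severity.lower()
        if severity not in SEVERITIES:
            raise ValueError(f"policy names unknown severity: {severity!r}")
        actual = counts.get(severity, 0)
        if actual > limit:
            reasons.append(f"{actual} open {severity} findings exceed the limit of {limit}")
    return GateResult(passed=not reasons, reasons=reasons, counts=counts)


def main():
    # The page's example rule: block when there are more than 5 high findings.
    result = evaluate_gate(SAMPLE_FINDINGS, {"high": 5})
    print("open findings by severity:", result.counts)
    if result.passed:
        print("security gate passed")
        return 0
    print("security gate BLOCKED the pipeline:")
    for reason in result.reasons:
        print(" -", reason)
    return 1  # non-zero exit status is what breaks the CI/CD job


if __name__ == "__main__":
    sys.exit(main())
```

Run as a script it exits with status 1 and lists the breached rule, which is the mechanism a CI job would use to stop. Calling `evaluate_gate` with a policy that names only `critical` and `high` leaves the medium and low findings unchecked, and passing `sources={"conviso"}` restricts the count to that one source, so the same finding set can pass or fail depending on how narrowly the policy is scoped.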