Pipeline Workflows
Pipeline workflows in OX Security allow you to define how the system should respond to issues identified during CI/CD scans.
You can use workflows to configure conditions, such as severity levels or issue types, and specify whether to block the pipeline or raise an alert.
OX Security provides the following configuration methods for pipeline workflows:
After configuring a pipeline workflow, you need to activate it.
Working with the default pipeline workflow
OX Security provides a built-in default pipeline workflow. This workflow applies to all applications unless a custom workflow is assigned. It is recommended to work with this workflow when you only need small adjustments.

The default pipeline workflow includes predefined conditions and actions for common use cases. It consists of the following elements:
Trigger types: The default workflow includes triggers for all supported pipeline events.
Conditions: All severities (low and above) are included by default.
Actions: The default action for all conditions is set to alert.
You can view the default workflow by opening any development environment. Even when the workflow is disabled, you can expand it and inspect the configuration without activating it.
You can use a default pipeline workflow or create custom workflows based on your use cases.
To use the default workflow:
Go to the Pipeline Workflows page.

Click the Default workflow to review its configuration.
Modify the workflow as needed:
Change alert to block.
Adjust severity levels.
Remove or add conditions and actions.

Enable the default pipeline workflow.

Creating a new pipeline workflow
When you need many custom rules or want separate workflows for different categories, such as secrets, specific branches, or apps, you can create a new workflow.
For example, to block critical secrets from entering the codebase, you can create a new workflow. When configured, this workflow ensures that any new secret of critical severity will block the pipeline and prevent the pull request from being merged.
To create a new workflow:
In the Pipeline Workflows page, select Create New Workflow.

Enter a name and a description for your new workflow.
Select the applications or repositories it should apply to and select CREATE. A new policy appears on the page.
Add triggers, conditions, and actions to your new pipeline workflow.

Enable the workflow and activate it on the application.
Activating pipeline workflows
To run the workflow, make sure it is assigned to the application, enabled, and that pipeline integration has been completed for that application.
To activate a workflow on an application:
Go to the Applications page, select the relevant applications, and then select the Pipeline Workflows icon.

In the Pipelines dialog box, verify that the relevant pipeline workflows are enabled.

Alternatively:
On the Pipeline Workflows page, click the workflow gear icon.
In the Pipelines dialog box, select the applications in which you want to activate your pipeline workflow and select SAVE.

