Book a demo

Scanning Code and Artifacts in CI/CD Pipelines

OX Security integrates with CI/CD pipelines to scan code and artifacts changes as they are introduced. This enables early detection of vulnerabilities and misconfigurations during development, before code is merged or deployed.

Pipeline scanning is one of several targeted scanning methods supported by OX and is designed to complement the full scan.

While a full scan provides broad visibility across all repositories on a scheduled basis, pipeline scans focus on a single repository and analyze only the changes introduced in a specific push or pull request.

Benefits of pipeline scans:

  • Speed: Pipeline scans are faster because they only analyze modified files.

  • Immediate feedback: Scans run as soon as code is pushed or a pull request is opened.

  • Focused results: Helps developers quickly identify and resolve newly introduced issues like secrets or vulnerabilities.

How pipeline scanning works in OX

A pipeline scan runs automatically when triggered by version control events such as pushes or pull requests.

The scan analyzes the affected files or artifacts and reports any security findings. This allows teams to block risky builds and enforce secure coding practices early in the development lifecycle.

OX Security supports the following types of pipeline scans:

  • Pull request event scans: Scans only the files that were modified in the source branch before it is merged into the target branch.

  • Push event scans: Scans only the files that were modified in commits pushed to the source branch after the last successful pipeline scan on that branch.

Setting up pipeline scans

  1. Before setting up pipeline scans, make sure the repository went through a full scan.

Note: Pipeline scans can run even if a full scan has not been completed. However, running a full scan first is recommended for accurate and complete results, because pipeline scans rely on the application and repository data collected during the full scan.

  1. Go to the Applications page.

  1. Select a repository for which you want to configure pipeline scanning and click the Pipeline Settings icon at the top.

  2. In the Pipeline Settings page, review the settings that define how the scan behaves.

Note: OX Security recommends using the default settings.

  1. Configure the trigger mechanism in your source control platform.

  2. Go to the Pipeline Workflows page to define how OX reacts to findings.

  3. Validate the integration. Push a code change or open a pull request to verify that the pipeline scan runs and reacts as expected.

  4. View and analyze scan results.

Last updated