CI/CD Rules
You can create your own rules in Panoptica to gain visibility into your organization's policies or compliance. Custom rules appear alongside built-in rules on the Policies page in the Panoptica console UI.
The CI/CD engine enables you to define custom rules that monitor you code base for potential risks.
Permissions required
Users must have an Owner or Ops role in Panoptica to create custom rules.
An Ops user can edit/delete custom rules that they created; an Owner can edit/delete any custom rule in your tenant. Panoptica system rules cannot be edited or deleted.
See User Management for details on User Roles.
Click the + Add Rule button at the top of the Policies tab to start building your own custom policy rules.
The Add Rule dialog box is where you define the rule logic, provide details about the rule, and define how and when it is executed.
Rule Logic
Use the CI/CD engine to define custom rules that monitor you code base for potential risks. By setting conditions for those findings, you can enforce custom policies, prioritize vulnerabilities, and effectively assess risks to your software development lifecycle.
- After choosing CI/CD in the Add Rule dialog box, select the Finding type from the Rule Logic dropdown list:
- IaC misconfigurations
- Vulnerabilities
- Select the condition that will trigger the rule – count, file, or package – and set the parameters for that condition. You can add more than one condition.
- Choose what Action you want Panoptica to take when the rule logic is triggered.
- Detect reports the finding in ...
- Block prevents the triggered code from running
Rule Info
This is the section where you provide details about the rule.
- Rule Name
A short textual name given to a rule. The name must be unique across your environment. - Description
A longer text that explains the motivation for this rule. This is also where you can store notes regarding the logic, execution, etc. - Severity
The severity of the rule’s results. - Created by
This will always default to the logged-in user.
Rule Execution
Once the rule is defined, you need to decide how the new rule is to be applied to your environment.
- Status
Select whether the rule should be Enabled or Disabled. - Scope
The selection of accounts and/or users on which this rule is to be run.
Note that policy rules are filtered by scope. If you create a rule in the Global scope, it will not be visible if you set the Top Bar Filter to another scope, and vice versa. See Scope Management for details on defining scopes. - Framework
Select the frameworks and/or categories that this rule is to be associated with. You can attach the rule to more than one custom framework, but you cannot associate with built-in frameworks defined by the system.
Don't forget to click Create Rule when you're finished defining your CI/CD custom rule.
Updated about 2 months ago