With Enforcement Settings, users can now easily control how their systems (i.e. CI/CD pipelines) will behave when violations are identified.
There are three rules that users can now set directly from the Bridgecrew platform:
- Hard Fail: The system will fail the run when a violation occurs.
- Soft Fail: The system will notify the user about flagged violations, but will not fail the run.
- Comments Bot: Identified issues and fix suggestions will be surfaced as comments on VCS pull/merge requests.
Enforcement Rules can be set for each code category Bridgecrew scans for (IaC, secrets, Dockerfile images, and open-source packages) and by severity thresholds (Low, Medium, High, and Critical). You can also set enforcement rules to ‘Off’ if you want to prevent all runs from failing.
Results of the run will be reflected in run reports and our Code Review screen, while the Projects view will continue to show all identified violations.
You can also create Exceptions to set more or less stringent enforcement rules for specific repositories.
How this update may change your experience in the Bridgecrew platform:
- Code Review and Comments Bot Settings will be removed from the Code Configuration page.
- Existing rules that were previously defined on the Settings page will be migrated into new Enforcement Rules.
- If no rules exist, default rules will be defined for all users. All violations in IaC and secrets will be set to Hard Fail. All violations in Dockerfile images and open-source packages will be set to Soft Fail, except for critical severity vulnerabilities, which will Hard Fail by default.
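To make the threshold semantics and the default rules concrete, the following is an added illustrative model (not Bridgecrew's own code or API) that evaluates a run's findings against per-category, per-severity enforcement rules and a per-repository Exception; the rule key names, category strings and sample findings are assumptions constructed for this example.

```python
# Illustrative model of Enforcement Rules; not Bridgecrew's implementation.
SEVERITIES = ["Low", "Medium", "High", "Critical"]

# Per category, the minimum severity at which each action applies.
# A missing key means that action is Off. These encode the defaults
# described above (assumed key names; Comments Bot is left unset).
DEFAULT_RULES = {
    "IaC": {"hard_fail": "Low"},
    "secrets": {"hard_fail": "Low"},
    "Dockerfile images": {"soft_fail": "Low", "hard_fail": "Critical"},
    "open-source packages": {"soft_fail": "Low", "hard_fail": "Critical"},
}


def meets(threshold, severity):
    """True when severity is at or above threshold; threshold None means Off."""
    return threshold is not None and SEVERITIES.index(severity) >= SEVERITIES.index(threshold)


def fail_action(rule, severity):
    """Hard Fail takes precedence over Soft Fail when both thresholds are met."""
    if meets(rule.get("hard_fail"), severity):
        return "hard_fail"
    if meets(rule.get("soft_fail"), severity):
        return "soft_fail"
    return "off"


def evaluate_run(findings, rules=DEFAULT_RULES, exceptions=None, repo=None):
    """Return (outcome, decisions). A repository Exception replaces the
    category rules it names, so it can be stricter or looser than the base."""
    effective = {**rules, **(exceptions or {}).get(repo, {})}
    decisions = []
    for f in findings:
        rule = effective[f["category"]]
        decisions.append({**f, "action": fail_action(rule, f["severity"]),
                          "comment": meets(rule.get("comments_bot"), f["severity"])})
    actions = {d["action"] for d in decisions}
    if "hard_fail" in actions:
        return "failed", decisions
    if "soft_fail" in actions:
        return "passed_with_warnings", decisions
    return "passed", decisions


# Constructed sample findings for a single run.
SAMPLE_FINDINGS = [
    {"category": "open-source packages", "severity": "High"},
    {"category": "Dockerfile images", "severity": "Medium"},
]
```

With the default rules the sample run passes with warnings; an Exception that raises the open-source packages Hard Fail threshold to High for one repository turns the same run into a failure.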