| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-02-22 |
DevSecOps, ibm cloud, best practices, secure application, continuous integration, |
devsecops |
{{site.data.keyword.attribute-definition-list}}
{: #practices-cc-toolchain}
The CC pipeline is useful for a continuous scanning of existing deployed artifacts and their source repositories independent of your deployment schedule. The CC pipeline uses the async subpipeline that runs in parallel to the main pipeline run to optimize pipeline run time and improve pipeline resiliency. {: shortdesc}
The implementation of the continuous compliance (CC) toolchain DevSecOps follows these practices.
- Runs a static code scanner at pre-defined intervals on the application repositories. - Uses
detect secretsto prevent secret leaks in the application source code. - Scan the container image for any security vulnerabilities.
- Opens incident issues to track problems found during the pipeline run and is marked with a due date.
- Generate a
summary.jsonfile and stores in {{site.data.keyword.cos_full_notm}} or Git repositiory to summarize the results of the scan.