Secure Code Warrior® Trust Agent Policy gating enables you to apply your secure development training policy directly where it matters most - within your repositories and CI pipelines - allowing you to set higher standards for developers contributing to your business-critical code repositories and providing a new level of proactive security and governance.
Step 1
The policy gating configuration can be accessed by navigating to Administration > Trust Agent Configuration > Manage Policy > Policy Gating. Enable policy gating by toggling the switch.
Step 2
Connect your repositories to Trust Agent with our CI check tool. This tool performs the policy compliance check from within your CI pipelines and is designed to return the result directly in pull requests.
Click Connect Repositories and follow this guide to set up the CI check tool required for policy gating to take effect.
Step 3
Once you have connected your repositories, you can view them by clicking View Repositories. This opens a modal dialog listing the repositories from which a policy check request has been received, together with each repository's status under your policy gating scope configuration (see the Scope section below for more information on configuring scope). Click the (X) in the top right corner to dismiss the Connected Repositories dialog.
Step 4
Now you can configure the following policy gating settings:
Restriction Level
You can configure the restriction level applied to pull requests in the Restriction Level section. This setting determines how strict the CI policy check is when assessing the pull request's contributors, and therefore what is required for the check to pass.
Allowing high and moderate trust commits requires developers to have satisfied training policy requirements in any language, whereas allowing only high trust commits means that developers need to have satisfied training policy requirements in the languages used in the commit. Please see this article for more information on configuring your Trust Agent training policy.
Scope
The scope section allows you to apply policy gating checks to all repositories or to critical repositories only. Use the latter to protect only the repositories that make up your business-critical systems rather than every repository, since the full set often includes large numbers of development or test repositories. You can tag repositories as critical in the Repositories tab.
Custom Message
A custom message can be included in the policy check response shown in the CI pipeline output. This can be used to explain the training program that has been rolled out, the reasons for implementing policy gating, and to provide contact details of the training program owner to developers creating pull requests in in-scope repositories.
Step 5
Lastly, some commit modelling is provided to allow you to preview the likely allow rate based on the current configuration and recent commits that have been made. This can be used to check whether your policy gating configuration is too strict, and therefore may significantly impact development activity, particularly if your CI system is configured to interpret a failed policy gating check as blocking.
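The restriction level and scope rules from Step 4, together with the allow-rate preview from Step 5, modelled as an added Python example that is illustrative only and not Secure Code Warrior's implementation. The Commit and Policy shapes, the exact high/moderate/low definitions, and the sample developers and repositories are assumptions drawn from the article text.

```python
# Added illustrative model of the gating rules described in this article, not
# Secure Code Warrior's own code; trust-level definitions are assumptions.
from dataclasses import dataclass, field

@dataclass
class Commit:
    author: str
    repo: str
    languages: set  # languages touched by the commit

@dataclass
class Policy:
    restriction: str  # "high_only" or "high_and_moderate"
    scope: str  # "all" or "critical_only"
    critical_repos: set = field(default_factory=set)

def trust_level(commit, satisfied):
    """high: policy satisfied in every language the commit uses;
    moderate: satisfied in at least one language (any language);
    low: no training policy requirement satisfied."""
    done = satisfied.get(commit.author, set())
    if commit.languages and commit.languages <= done:
        return "high"
    return "moderate" if done else "low"

def check(commit, policy, satisfied):
    """True if the CI policy check passes for this pull request commit."""
    if policy.scope == "critical_only" and commit.repo not in policy.critical_repos:
        return True  # out-of-scope repositories are never gated
    allowed = {"high"} if policy.restriction == "high_only" else {"high", "moderate"}
    return trust_level(commit, satisfied) in allowed

def allow_rate(commits, policy, satisfied):
    """Step 5 style preview: fraction of recent commits that would pass."""
    if not commits:
        return 1.0
    return sum(check(c, policy, satisfied) for c in commits) / len(commits)

# Constructed sample data (hypothetical developers and repositories).
SATISFIED = {"alice": {"python", "java"}, "bob": {"python"}, "carol": set()}
COMMITS = [
    Commit("alice", "payments", {"python", "java"}),
    Commit("bob", "payments", {"java"}),
    Commit("bob", "sandbox", {"java"}),
    Commit("carol", "payments", {"python"}),
]
STRICT = Policy("high_only", "critical_only", {"payments"})
LENIENT = Policy("high_and_moderate", "critical_only", {"payments"})
```

Comparing allow_rate(COMMITS, STRICT, SATISFIED) with the LENIENT policy shows how much of the difference between the two restriction levels comes from developers who trained in a language other than the one they commit in.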
Related Articles:
- What is the Secure Code Warrior® Trust Agent?
- Trust Agent FAQs
- How to connect Trust Agent policy gating to your CI pipelines