Add Policy to CI/CD Integration

Before you can integrate FortiContainer with your Jenkins projects, you must first create a policy on FortiContainer. Follow the steps below to add a policy to be applied to the Jenkins project.

  1. On the Container Protection navigation menu, go to POLICY CONFIG > CI/CD Integration.
  2. Click +ADD NEW in the top right-hand corner.
  3. In the Policy Name field, enter a policy name.
  4. In the Resources section, enter your Jenkins Server Url and Jenkins Project name. In Images, enter a regex to scan only selected images for vulnerabilities, or enter ".*" to scan all images for vulnerabilities. The Jenkins Server Url can be found in Manage Jenkins > Configure System on your Jenkins portal.
  5. In the Block if section, check the vulnerability severity level and enter the corresponding number of vulnerabilities to be detected before the built image is blocked from being deployed to the public cloud registry.
  6. For example, if the medium severity level is checked with a threshold of 5, then when there are more than 5 medium vulnerabilities, the built image will be prevented from being deployed.

  7. Click the Enabled toggle switch to enable the policy. In the Grace Period option, set how old a vulnerability should be before it is taken into consideration for blocking the image from deployment.
  8. Click Show Advanced Settings to add CVEs to the CVE Allowlist or CVE Blocklist.
  9. CVE IDs added to the allowlist are excluded from counting toward the threshold to block the built image. CVE IDs added to the blocklist always block the built image from deployment when detected, regardless of the total number of vulnerabilities.

    You can look up CVE IDs by searching the CVE List here: https://cve.mitre.org/cve/search_cve_list.html

  10. Click Add CICD Integration Policy to complete adding the policy.
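
The following is an added example, not FortiContainer code or an export format: a Python model of how the settings in the steps above combine into a block decision, useful for checking a planned policy against sample scan results before enabling it. The field names, the grace period unit (days), full-match regex semantics, the blocklist ignoring the grace period, and all CVE IDs are assumptions or constructed placeholders.

```python
import re
from datetime import date

# Hypothetical policy mirroring the form fields above (names are assumptions).
POLICY = {
    "images": r".*",                           # Images regex; ".*" scans all images
    "block_if": {"critical": 0, "medium": 5},  # checked severity -> threshold
    "grace_period_days": 30,                   # assumed unit: days
    "cve_allowlist": {"CVE-0000-0001"},        # constructed placeholder ID
    "cve_blocklist": {"CVE-0000-0002"},        # constructed placeholder ID
}

def evaluate(policy, image, findings, today):
    """Return (blocked, reason) for one built image.

    findings: list of dicts with keys cve, severity, published (a date).
    """
    if not re.fullmatch(policy["images"], image):
        return False, "image not covered by policy"
    counts = {}
    for f in findings:
        # Blocklisted CVEs block regardless of counts (assumed: and of age).
        if f["cve"] in policy["cve_blocklist"]:
            return True, f"{f['cve']} is on the blocklist"
        # Allowlisted CVEs never count toward a threshold.
        if f["cve"] in policy["cve_allowlist"]:
            continue
        # Findings younger than the grace period are not yet considered.
        if (today - f["published"]).days < policy["grace_period_days"]:
            continue
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    for severity, threshold in policy["block_if"].items():
        # "More than" the threshold blocks, as in the medium/5 example.
        if counts.get(severity, 0) > threshold:
            return True, f"{counts[severity]} {severity} findings exceed {threshold}"
    return False, "within thresholds"

def sample(n, severity="medium", published=date(2024, 1, 1)):
    """Build n constructed findings with placeholder CVE IDs."""
    return [{"cve": f"CVE-0000-1{i:03d}", "severity": severity,
             "published": published} for i in range(n)]

if __name__ == "__main__":
    today = date(2024, 6, 1)
    for n in (5, 6):
        print(n, "medium findings ->", evaluate(POLICY, "app:1.0", sample(n), today))
```
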
