Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

How to reduce the secutiry rating in cloud manager pipeline ?

Avatar

Level 9
Level 9
7/21/22 8:51:39 AM

My build is getting failed due to below error

 

In order to achieve an Security Rating of A or better, the code base must not have any Vulnerability issues with a severity of Minor or higher.

 

When I reviewed the report, I see that I have just 2 minor vulnerabilities but the build got failed because of the above rule. Instead of checking minor one I want to check only medium and high severity. Is this possible to modify this rule in the pipeline ?

Views

930

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
7/22/22 2:00:38 AM

Failure threshold for various ratings are not configurable and are standardised.

Screenshot 2022-07-22 at 09.59.14.png

 

 

Instead you should be handling the individual vulnerabilities as exception using @SuppressWarnings annotation. Please refer to [1]

 

[1] - https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-...

View solution in original post

Views

895

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Community Advisor
Community Advisor
7/21/22 9:12:29 AM

@Mario248 

After code scan you will get option for review. Click on review and select the option override and approved.

It will overridden the changes and deployed to the cloud.

You can proceed without metric failure by configuring “Proceed immediately” to the deployment pipeline as shown below.

 

Jagadeesh_Prakash_0-1658419904641.png

 

If the build is failing without the review option, then I guess you need to fix those vulnerable errors and then proceed 

Views

922

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 9
Level 9
7/21/22 9:25:42 AM
In response to Jagadeesh_Prakash

Thanks for your message. I know this setting but where do I permanently modify security check. Basically I dont want to care about all MINOR vulnerability. I want to skip all minor by default. Is there any settings?

Views

919

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
7/21/22 9:58:41 AM

Hi @Mario248 ,

There is no simple toggle switch to reduce the vulnerability rating as far as I know.
I would suggest you follow the existing rules and fix your code.

you can validate your changes locally using the aemanalyser-maven-plugin: https://github.com/adobe/aemanalyser-maven-plugin and then initiate the final build.

If you still want to switch on to custom code quality rules, follow this doc : https://experienceleague.adobe.com/docs/experience-manager-cloud-manager/content/using/custom-code-q... 

Thanks,

Sravan

Views

913

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee Advisor
Employee Advisor
7/22/22 2:00:38 AM

Failure threshold for various ratings are not configurable and are standardised.

Screenshot 2022-07-22 at 09.59.14.png

 

 

Instead you should be handling the individual vulnerabilities as exception using @SuppressWarnings annotation. Please refer to [1]

 

[1] - https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-...

Views

896

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
How to restrict number of items that can be added in carousel?

Views

0

Likes

0

Replies

0
Identifier com.adobe.cq.wcm.core.components.models.Page cannot be correctly instantiated by the Use API (500)

Views

61

Likes

0

Replies

2
AEM Clud migration: Strategy to reduce ACS AEM Commons dependency

Views

50

Likes

0

Replies

1
How to mask the image in AEM?

Views

67

Likes

0

Replies

2
Pipeline-free URL Redirects is not working in AEM Cloud Dispatcher

Views

118

Likes

0

Replies

5