How to reduce the security rating in cloud manager pipeline? | Community
Mario248
Level 7
July 21, 2022
Solved


My build is failing due to the error below:

In order to achieve an Security Rating of A or better, the code base must not have any Vulnerability issues with a severity of Minor or higher.

When I reviewed the report, I saw that I have just 2 minor vulnerabilities, but the build failed because of the above rule. Instead of checking minor ones, I want to check only medium and high severity. Is it possible to modify this rule in the pipeline?


Jagadeesh_Prakash
Community Advisor
July 21, 2022

@mario248 

After the code scan you will get an option for review. Click on review and select the option to override and approve.

It will override the changes and deploy to the cloud.

You can proceed without metric failure by configuring “Proceed immediately” to the deployment pipeline as shown below.

If the build is failing without the review option, then I guess you need to fix those vulnerable errors and then proceed.

Mario248 (Author)
Level 7
July 21, 2022

Thanks for your message. I know this setting, but where do I permanently modify the security check? Basically I don't want to care about all MINOR vulnerabilities. I want to skip all minor ones by default. Is there any setting?

B_Sravan
Community Advisor
July 21, 2022

Hi @mario248 ,

There is no simple toggle switch to reduce the vulnerability rating as far as I know.
I would suggest you follow the existing rules and fix your code.

You can validate your changes locally using the aemanalyser-maven-plugin: https://github.com/adobe/aemanalyser-maven-plugin and then initiate the final build.

If you still want to switch to custom code quality rules, follow this doc: https://experienceleague.adobe.com/docs/experience-manager-cloud-manager/content/using/custom-code-quality-rules.html?lang=en

Thanks,

Sravan

Nirmal_Jose
Adobe Employee
Accepted solution
July 22, 2022

Failure thresholds for the various ratings are not configurable and are standardised.

Instead, you should handle the individual vulnerabilities as exceptions using the @SuppressWarnings annotation. Please refer to [1].

[1] - https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-cloud-manager/test-results/code-quality-testing.html?lang=en#dealing-with-false-positives
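
A way to keep such suppressions reviewable, as an added example (not from the thread or from Adobe): the script below lists every `@SuppressWarnings` that names an analyzer rule and marks those placed on a whole type or lacking a justification comment. The embedded Java source, the `squid:S2068` key used in it and the scope and justification heuristics are constructed assumptions.

```python
import re

# Constructed Java source for this example; not from the thread.
SAMPLE_JAVA = '''\
package com.example.core;

@SuppressWarnings("squid:S2068")
public class ServiceConfig {
    // False positive: this constant is a property name, not a credential.
    @SuppressWarnings("squid:S2068")
    private static final String PROP_SERVICE_PASSWORD = "password";

    @SuppressWarnings({"squid:S2068", "unchecked"})
    private static final String PROP_ADMIN_PASSWORD = "adminPassword";
}
'''

SUPPRESS = re.compile(r'@SuppressWarnings\(\s*\{?([^)]*?)\}?\s*\)')
RULE_KEY = re.compile(r'"(\w+:[\w-]+)"')   # analyzer keys look like repo:rule
TYPE_DECL = re.compile(r'\b(class|interface|enum)\b')

def audit_suppressions(source):
    """Return one record per suppression that names an analyzer rule."""
    lines = source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        match = SUPPRESS.search(line)
        rules = RULE_KEY.findall(match.group(1)) if match else []
        if not rules:
            continue  # plain compiler warnings ("unchecked") are ignored
        # Assumption: the annotated declaration is the next line that is
        # neither blank nor another annotation.
        target = next((l.strip() for l in lines[i + 1:]
                       if l.strip() and not l.strip().startswith('@')), '')
        scope = 'type' if TYPE_DECL.search(target) else 'member'
        # Assumption: a justification is a comment on the line directly above.
        above = lines[i - 1].strip() if i else ''
        justified = above.startswith(('//', '/*', '*'))
        findings.append({'line': i + 1, 'rules': rules, 'scope': scope,
                         'justified': justified,
                         'needs_review': scope == 'type' or not justified})
    return findings

if __name__ == '__main__':
    for f in audit_suppressions(SAMPLE_JAVA):
        print(f)
```

On the sample, the class-level suppression and the uncommented field are marked for review, while the commented field-level suppression passes.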