SOLVED

How to reduce the security rating in Cloud Manager pipeline?

Level 9

My build is failing due to the error below:

In order to achieve an Security Rating of A or better, the code base must not have any Vulnerability issues with a severity of Minor or higher.

When I reviewed the report, I saw that I have just 2 minor vulnerabilities, but the build failed because of the above rule. Instead of checking minor ones, I want to check only medium and high severity. Is it possible to modify this rule in the pipeline?

1 Accepted Solution

Correct answer by
Employee Advisor

Failure thresholds for the various ratings are not configurable and are standardised.


Instead, you should handle the individual vulnerabilities as exceptions using the @SuppressWarnings annotation. Please refer to [1].

[1] - https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-...

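As an added illustration of the accepted answer (not part of the original post and not Adobe's code): a suppression scoped to a single false-positive finding. The package, class and property names are hypothetical, and the rule key `squid:S2068` (SonarQube's hard-coded credentials rule) stands in for whatever key your issue report shows.

```java
package com.example.core.config; // hypothetical package

import java.util.Map;

/**
 * Constructed example: reads a service credential from configuration
 * properties supplied at runtime.
 */
public final class ServiceCredentials {

    // The scanner flags this constant because its name contains "PASSWORD",
    // but the value is only the configuration key, not a secret.
    // Suppress that one rule on this one field, and record why.
    @SuppressWarnings("squid:S2068") // false positive: property name, not a credential
    static final String PROP_SERVICE_PASSWORD = "password";

    private final char[] password;

    public ServiceCredentials(Map<String, Object> properties) {
        Object value = properties.get(PROP_SERVICE_PASSWORD);
        if (!(value instanceof String) || ((String) value).isEmpty()) {
            // Fail closed instead of falling back to a default secret.
            throw new IllegalArgumentException("missing property: " + PROP_SERVICE_PASSWORD);
        }
        this.password = ((String) value).toCharArray();
    }

    char[] password() {
        // Return a copy so callers cannot modify the stored value.
        return password.clone();
    }
}
```

Placing the annotation on the class instead of the field would silence the rule for every member, including genuine findings introduced later.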
4 Replies

Community Advisor

@Mario248 

After the code scan you will get an option for review. Click on review and select the option to override and approve.

It will override the changes and deploy to the cloud.

You can proceed without metric failure by configuring “Proceed immediately” to the deployment pipeline as shown below.

Jagadeesh_Prakash_0-1658419904641.png

If the build is failing without the review option, then I guess you need to fix those vulnerable errors and then proceed.

Level 9

Thanks for your message. I know this setting, but where do I permanently modify the security check? Basically, I don't want to care about MINOR vulnerabilities at all. I want to skip all minor ones by default. Is there any setting?

Community Advisor

Hi @Mario248 ,

There is no simple toggle switch to reduce the vulnerability rating as far as I know.
I would suggest you follow the existing rules and fix your code.

You can validate your changes locally using the aemanalyser-maven-plugin (https://github.com/adobe/aemanalyser-maven-plugin) and then initiate the final build.

If you still want to switch on to custom code quality rules, follow this doc: https://experienceleague.adobe.com/docs/experience-manager-cloud-manager/content/using/custom-code-q...

Thanks,

Sravan
