Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to reduce the secutiry rating in cloud manager pipeline ?

Avatar

Level 4

My build is getting failed due to below error

 

In order to achieve an Security Rating of A or better, the code base must not have any Vulnerability issues with a severity of Minor or higher.

 

When I reviewed the report, I see that I have just 2 minor vulnerabilities but the build got failed because of the above rule. Instead of checking minor one I want to check only medium and high severity. Is this possible to modify this rule in the pipeline ?

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Failure threshold for various ratings are not configurable and are standardised.

Screenshot 2022-07-22 at 09.59.14.png

 

 

Instead you should be handling the individual vulnerabilities as exception using @SuppressWarnings annotation. Please refer to [1]

 

[1] - https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-...

View solution in original post

4 Replies

Avatar

Level 6

@Mario248 

After code scan you will get option for review. Click on review and select the option override and approved.

It will overridden the changes and deployed to the cloud.

You can proceed without metric failure by configuring “Proceed immediately” to the deployment pipeline as shown below.

 

Jagadeesh_Prakash_0-1658419904641.png

 

If the build is failing without the review option, then I guess you need to fix those vulnerable errors and then proceed 

Avatar

Level 4

Thanks for your message. I know this setting but where do I permanently modify security check. Basically I dont want to care about all MINOR vulnerability. I want to skip all minor by default. Is there any settings?

Avatar

Community Advisor

Hi @Mario248 ,

There is no simple toggle switch to reduce the vulnerability rating as far as I know.
I would suggest you follow the existing rules and fix your code.

you can validate your changes locally using the aemanalyser-maven-plugin: https://github.com/adobe/aemanalyser-maven-plugin and then initiate the final build.

If you still want to switch on to custom code quality rules, follow this doc : https://experienceleague.adobe.com/docs/experience-manager-cloud-manager/content/using/custom-code-q... 

Thanks,

Sravan

Avatar

Correct answer by
Employee Advisor

Failure threshold for various ratings are not configurable and are standardised.

Screenshot 2022-07-22 at 09.59.14.png

 

 

Instead you should be handling the individual vulnerabilities as exception using @SuppressWarnings annotation. Please refer to [1]

 

[1] - https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-...