Break the build | Fluid Attacks Help

Break the build

Advice on inherited argument
Now you can ignore vulnerabilities found with SCA when breaking the build. Read about the new --inherited argument.
Fluid Attacks offers an automated security measure for your CI/CD pipeline to prevent builds with vulnerabilities from passing. Breaking the build compels your team to fix the code so that it can pass. To use this feature, you need to have Fluid Attacks' CI Gate installed and Internet connection.

You can run CI Gate locally and in your CI/CD pipeline.

Follow these steps to run CI Gate locally:

  1. Get the required token as shown in Install CI Gate to break the build.

  2. Pull the Docker image:

    docker pull fluidattacks/forces:latest

  3. Run the container with the command below, where <your-token> is the token you generated in step 1.

    docker run --rm -ti fluidattacks/forces:latest forces --strict –-breaking 7.0 --token <your-token>

    Note on Agent configuration
    Note: The above command is for CI Gate to break the build if any high severity vulnerability is present. Read the Arguments page section to learn to customize the CI Gate execution.
Follow the instructions presented in Run CI Gate on your CI/CD to use it with Azure DevOps, GitHub, GitLab and Jenkins.

Now that you have learned the basics to secure your software with Fluid Attacks, you can spare some time to learn more about the platform.