You can install Fluid Attacks' CI agent to help you automatically enforce your vulnerability acceptance policies.
Depending on your organization's or group's general policies, the agent will break the build, which prevents any software author from deploying a build with open vulnerabilities to production. With this measure, your development team is forced to fix security issues as soon as possible.
To learn how to install the agent, you can read the dedicated page or view the tutorial video, "Install the DevSecOps agent with Docker and view its execution logs."
You need a DevSecOps token for the installation. Read on to learn how to manage it.
Go to the Scope of the corresponding group.
Scroll down until you find the DevSecOps agent section.
Click the Manage token button.
Then, click on Reveal token.
To create the token, click on the Generate button.
Once generated, you can copy the token by clicking on Copy.
If your token has already expired (you would have been notified by e-mail beforehand), you must follow the same instructions provided in Generate the DevSecOps token.
Resetting a still-valid token (because of a problem or a need to change it) is straightforward. Click the Manage token button, then the Reveal token button, and once your current token is revealed, click the Reset button. A new token will be generated, which you can also copy by clicking on the Copy button.
The DevSecOps token is valid for 180 days, and each token is unique to its group. Also, keep in mind that generating, renewing and resetting the agent token is the users' responsibility.
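Because renewal is left to users and every group has its own token, teams with several groups may want to track expiry themselves. The following is an added example, not Fluid Attacks' code: it flags tokens that are past or near the 180-day validity stated above. The group names, dates and the 14-day warning window are assumptions made for illustration, and only generation dates are recorded, never the tokens.

```python
from datetime import date, timedelta

TOKEN_LIFETIME = timedelta(days=180)  # validity period stated on this page
WARN_WINDOW = timedelta(days=14)      # assumption: how early to flag a renewal

# Constructed inventory: group name -> date its token was last generated or reset.
# Only dates live here; the tokens themselves stay in the CI secret store.
SAMPLE_INVENTORY = {
    "group-alpha": date(2024, 1, 10),
    "group-beta": date(2024, 5, 1),
    "group-gamma": date(2024, 6, 20),
}


def token_status(generated_on, today):
    """Return (status, expires_on) for one group's token.

    Assumption: the token is treated as expired from day 180 onward,
    which is the conservative reading of "valid for 180 days".
    """
    expires_on = generated_on + TOKEN_LIFETIME
    if today >= expires_on:
        return "expired", expires_on
    if expires_on - today <= WARN_WINDOW:
        return "renew-soon", expires_on
    return "ok", expires_on


def rotation_report(inventory, today):
    """List (group, status, expires_on) for tokens needing action, soonest first."""
    rows = []
    for group, generated_on in inventory.items():
        if generated_on > today:
            # A future date means the inventory entry is wrong; fail loudly.
            raise ValueError(f"{group}: generation date {generated_on} is in the future")
        status, expires_on = token_status(generated_on, today)
        if status != "ok":
            rows.append((group, status, expires_on))
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    for group, status, expires_on in rotation_report(SAMPLE_INVENTORY, date(2024, 10, 20)):
        print(f"{group}: {status} (180-day validity ends {expires_on})")
```

Update the recorded date each time a token is generated or reset, since a reset issues a new token.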
To view the logs of the agent's execution in a specific group, go to the group's DevSecOps section. Read the DevSecOps Agent page for details on that section.