Prevent the deployment of builds with vulnerabilities | Fluid Attacks

You can install Fluid Attacks' CI agent to help you automatically enforce your vulnerability acceptance policies.

Depending on your organization's or group's general policies, the agent will break the build, that is, prevent any software author from deploying a build with open vulnerabilities to production. This measure forces your development team to fix security issues as soon as possible.

To learn to install the agent, you can read the dedicated page or view the tutorial video, "Install the DevSecOps agent with Docker and view its execution logs."

You need a DevSecOps token for the installation. Read on to learn how to manage it.

Generate the DevSecOps token

Role required: User, Vulnerability Manager or User Manager

Generating a token to use in your pipelines is easy.

  1. Go to the Scope of the corresponding group.

  2. Scroll down until you find the DevSecOps agent section.

  3. Click the Manage token button.

  4. Then, click on Reveal token.

    Note: If a pop-up error message appears that reads, "Token could not be found for the group," don't worry; this error typically occurs the first time you generate a token. Simply refresh the Scope section and proceed with step 5.

  5. To create the token, click on the Generate button.

  6. Once generated, you can copy the token by clicking on Copy.

Update the DevSecOps token

Role required: User, Vulnerability Manager or User Manager

If your token has already expired (you would have been notified of this beforehand by e-mail), you must follow the same instructions provided in Generate the DevSecOps token.

Reset the DevSecOps token

Role required: User, Vulnerability Manager or User Manager

Resetting a token that is still valid (because of a problem or a need to change it) is straightforward. Click the Manage token button, then the Reveal token button, and once your current token is revealed, click the Reset button. A new token will be generated, which you can also copy by clicking on the Copy button.

The DevSecOps token is valid for 180 days, and each group has its own unique token. Also, keep in mind that generating, renewing and resetting the agent token is the users' responsibility.

Alert: If you get an error preventing you from generating, updating, or resetting the token despite following all the above steps, refresh the Scope section and try again. If the error persists, email help@fluidattacks.com describing in detail the problem you are experiencing.
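Because each group has its own token and renewal is left to the users, a small scheduled check can track the 180-day validity across groups. The following is an added example, not part of Fluid Attacks' documentation or tooling; the inventory of generation dates, the group names and the 14-day warning window are assumptions.

```python
from datetime import date, timedelta

TOKEN_LIFETIME = timedelta(days=180)  # validity period stated on this page
WARN_WINDOW = timedelta(days=14)      # assumption: renew two weeks ahead

# Constructed sample inventory (hypothetical group names): ISO date each token was
# generated or reset. Assumption: your team records it; no token value is stored.
SAMPLE_INVENTORY = {
    "group-alpha": "2024-01-01",
    "group-beta": "2024-05-15",
    "group-gamma": "not-recorded",
}


def token_status(generated_on, today):
    """Return (state, expires_on, days_left) for a single group's token."""
    if generated_on > today:
        raise ValueError("generation date is in the future")
    expires_on = generated_on + TOKEN_LIFETIME
    days_left = (expires_on - today).days
    if days_left <= 0:  # assumption: day 180 itself counts as expired
        state = "expired"
    elif days_left <= WARN_WINDOW.days:
        state = "renew-soon"
    else:
        state = "ok"
    return state, expires_on, days_left


def audit(inventory, today):
    """Classify every group; unparsable or future dates become 'unknown'."""
    report = {}
    for group, recorded in inventory.items():
        try:
            report[group] = token_status(date.fromisoformat(recorded), today)
        except ValueError:
            report[group] = ("unknown", None, None)
    return report


def exit_code(report):
    """Non-zero when any token is expired or untracked, so a scheduled job fails."""
    return 1 if any(s in ("expired", "unknown") for s, _, _ in report.values()) else 0


if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY, date.today())
    print("\n".join(f"{group}: {status}" for group, status in sorted(result.items())))
    raise SystemExit(exit_code(result))
```

Update the recorded date whenever someone generates or resets a group's token, since a reset replaces the token and starts a new validity period.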

View the Agent's execution logs

Role required: User, Vulnerability Manager or User Manager

To view the logs of the Agent's execution in a specific group, go to the group's DevSecOps section. Read the DevSecOps Agent page for details on that section.
