Making vulnerable code never see the light

Some of you may have noticed a new tab in your Integrates projects:

And yes… I know it! You’ve clicked on it!

What you’ve probably found is a small table with many rows, dates, and some security assertions about your system:

Each of these rows corresponds to an execution of the Forces service (previously called Break Build), which puts at your disposal:

  • The execution log
  • The source code repository from which the execution was triggered
  • The vulnerabilities found (file, URL, port, and the location of the vulnerabilities)
  • The status of the execution: your system is either Vulnerable or Secure
  • Whether the deployment of vulnerable code into production systems was blocked (Strict execution) or allowed (Lax or Non-strict execution)

If you want more information about what the Forces service is and how it can help your organization close security vulnerabilities, please get in touch!

You can read more about the tool that powers it all here.