Jit security pipelines are a live representation of Jit's continuous security (CS) implementation. They provide the following benefits:
- Confirming value added by Jit ("Jit is working").
- Peace of mind in knowing the health (running or not) of all security tools.
- Verification of compliance (SOC2, ISO, etc.).
Pipelines include the security workflows and constituent jobs (typically security tools) that Jit executes. These pipelines have a fixed lifecycle that progresses through a Queued and then a Running state, before terminating in either Success or Failed. Failure of a single job is sufficient to fail the entire pipeline. Each pipeline is associated with a scanned resource (a repo, service, cloud infrastructure account, etc.) and a trigger (e.g., the creation of a pull request).
For code-centric security, pipelines trigger when a change is pushed to a project. Pipelines can also be scheduled, as is the case for non-code-centric security.
You can click certain triggers, such as pull requests, to view them directly on GitHub. Pipelines also have a scope: their workflows can cover the entire resource ('All') or only the latest changes ('Change').
You can click a Resource, such as a repository name, to view it.
When visiting the Pipelines page, you will see a live and continuous list of the pipelines in your organization.