Security Pipelines

Overview

Jit security pipelines are a live representation of Jit's continuous security (CS) implementation. They provide the following benefits:

  1. Confirming value added by Jit ("Jit is working").
  2. Peace of mind in knowing the health (running or not) of all security tools.
  3. Verification of compliance (SOC2, ISO, etc.).

Pipelines Architecture

Pipelines include the security workflows and constituent jobs (typically security tools) that Jit executes. These pipelines have a fixed lifecycle: they progress through a Queued and then a Running state before terminating in either Success or Failed. Failure of a single job is sufficient to fail the entire pipeline. Each pipeline is associated with a scanned resource (a repo, service, cloud infrastructure account, etc.) and a trigger (e.g. a pull request creation).

Note: For code-centric security, pipelines trigger when a change is pushed to a project. Pipelines can also be scheduled, as is the case for non-code-centric security.

You can click certain triggers, such as pull requests, to view them directly on GitHub. Pipelines also have a scope: their workflows can cover the entire resource ('All') or only the latest changes ('Change').

You can click a Resource, such as a repository name, to view it.

When visiting the Pipelines page, you will see a live and continuous list of the pipelines in your organization.

