Availability

Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)

Security criteria

It's possible to create security criteria at a global or project level to control CI/CD pipeline build failures based on security conditions.

Global and project-level criteria

Only one security criterion entered at the global level can be set as the default, so that it is applied to all projects automatically.

The default global security criterion doesn't override project-level criteria; it works alongside them.

So, if there is a default security criterion at the global level and a different one at the project level, Invicti AppSec checks both before deciding whether the project meets or fails its security criteria.

Import global criteria

Other global security criteria not set as default can be imported under the Security Criteria section in each project's settings.

Criteria activation timing

Once security criteria are entered within global settings, they take effect either within 10 minutes or after one of the following events:

When a vulnerability is updated (by manually changing severity or by marking it as a false positive or won't fix)
When a new scan is run, or a new file is imported

Label associations

Labels can be associated with global security criteria. If a label associated with a global security criterion is added to a project, that global security criterion is automatically assigned to the project.

Edit imported criteria

Global security criteria imported into a project can be edited under that project's settings. However, such changes apply only to that project; the global criteria themselves remain unchanged.

How security criteria work

  1. Define thresholds: Set specific conditions that determine when builds should fail
  2. Set scope: Apply criteria globally (as default or templates) or at the project level
  3. Associate labels: Link criteria to specific labels for automatic project assignment
  4. Monitor builds: Track project compliance on global and product-level dashboards
  5. Automatic enforcement: Criteria run continuously to evaluate project security status
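As an added illustration (not Invicti's own code), the following Python models how the default global criterion, label-assigned global criteria and the project's own criteria are all evaluated before a build is allowed. The criterion format (maximum open findings per severity) and the exclusion of findings marked false positive or won't fix are assumptions for the example, not something the page specifies.

```python
"""Model of how global and project-level security criteria combine to gate a build.

Added illustration, not Invicti code. Assumptions (not stated on the page):
a criterion is a mapping of severity -> maximum allowed open findings, and
findings marked false positive or won't fix are not counted.
"""
from collections import Counter
from dataclasses import dataclass, field

EXCLUDED_STATES = {"false_positive", "wont_fix"}  # assumed state names


@dataclass
class Criterion:
    name: str
    max_open: dict                       # e.g. {"critical": 0, "high": 2}
    labels: set = field(default_factory=set)

    def passes(self, findings):
        """True when no severity exceeds its allowed number of open findings."""
        open_counts = Counter(f["severity"] for f in findings
                              if f["state"] not in EXCLUDED_STATES)
        return all(open_counts[sev] <= limit for sev, limit in self.max_open.items())


def applicable_criteria(project, global_criteria, default_name):
    """The default global criterion always applies; other global criteria apply
    when one of their labels is on the project; project-level criteria are
    copies, so editing them leaves the global ones untouched."""
    crits = [c for c in global_criteria if c.name == default_name]
    crits += [c for c in global_criteria
              if c.name != default_name and c.labels & project["labels"]]
    crits += project["criteria"]
    return crits


def build_allowed(project, global_criteria, default_name):
    """The build proceeds only if every applicable criterion passes."""
    crits = applicable_criteria(project, global_criteria, default_name)
    return all(c.passes(project["findings"]) for c in crits)


# Constructed sample: one open critical finding and one high marked won't fix.
GLOBAL = [Criterion("default", {"critical": 0}),
          Criterion("pci", {"high": 0}, labels={"payments"})]
PROJECT = {"labels": {"payments"},
           "criteria": [Criterion("local", {"medium": 5})],
           "findings": [{"severity": "critical", "state": "open"},
                        {"severity": "high", "state": "wont_fix"}]}
```

With the sample data the build is blocked by the default global criterion; marking the critical finding as a false positive (one of the update events listed above) lets it pass.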
