By leveraging some available setting options and using some customization of the provided integration scripts, you can make the decision to halt project builds in your CI/CD system if SOOS detects vulnerabilities or violations to the policies you have in place.

Here's how:

1. Click Configure in the left navigation and locate the Scan Settings. Here you can instruct SOOS to produce a failure flag based on specified severity levels of the various issue types SOOS identifies. These settings can be applied globally or to specific projects.
    • When this setting is applied, SOOS will return a fail flag to your CI/CD system.
      • The SOOS script signals this with exit code 1 (fail = true).
    • If these settings are not enabled, your build will be successful, regardless of the scan settings applied in the SOOS UI.

[Image: Build Fail Configurations]

2. The Fail Build on Policy Violations setting also requires you to enable the Fail Scan setting when building each independent policy in the Governance page. This allows you to instruct SOOS to fail the build for some policy violations, but not all.

[Image: Scan Fail Policy Setting]

3. Finally, in order to leverage the fail flag to fully prevent your build from completing, you will need to modify the integration script for your CI/CD system by entering a command argument that fails the build when the flag returned through the script by SOOS is present. Do this by ensuring the on-failure parameter is set to fail on error. (Refer to your CI/CD documentation for how to set this.)

Note: Omitting the fail argument in the CI/CD configuration completely overrides the build fail settings entered in the SOOS app: the scan still reports the flag, but nothing acts on it.
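The following added example (not part of the SOOS documentation or its integration scripts) shows why step 3 matters: a CI step that pipes the scan output through `tee` reports `tee`'s exit status, so the exit code 1 from the scan is lost and the build passes; the hardened step captures the scan's own status and returns it so the runner stops the build. `fake_soos_scan` is a constructed stand-in for the real integration script.

```shell
#!/bin/sh
# Constructed stand-in for the SOOS integration script (hypothetical):
# exits 1 when the fail flag from Scan Settings / policies is set, else 0.
fake_soos_scan() {
  fail_flag="$1"
  echo "SOOS scan complete, fail flag=${fail_flag}"
  if [ "$fail_flag" = "true" ]; then
    echo "SOOS: build fail flag set, exiting 1" >&2
    return 1
  fi
  return 0
}

# Naive CI step: output is piped to tee for logging. The pipeline's status
# is tee's (0), so the scan's exit code 1 never reaches the CI runner and
# the build succeeds even though SOOS flagged it.
naive_step() {
  fake_soos_scan "$1" | tee "${TMPDIR:-/tmp}/soos_naive.log"
  return $?   # this is tee's status, not the scan's
}

# Hardened CI step: run the scan without a pipe, record its exit status,
# then show the log. A non-zero status is returned to the runner, which
# (with its on-failure / fail-on-error setting enabled) stops the build.
failing_step() {
  log="${TMPDIR:-/tmp}/soos_scan.log"
  fake_soos_scan "$1" > "$log" 2>&1
  status=$?
  cat "$log"
  if [ "$status" -ne 0 ]; then
    echo "SOOS returned exit code ${status}: failing build" >&2
    return "$status"
  fi
  return 0
}
```

Run `failing_step true; echo "step exit: $?"` to see exit code 1 propagate, and `naive_step true; echo "step exit: $?"` to see it masked as 0.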

If you wish to know immediately when a scan fails, you can arrange to have notifications sent via email to an address of your choice. Find this option in the Organization settings under your user settings in the left navigation menu.