PolicyCortex AI: Automated Governance & Compliance for CI/CD Pipelines
Integrate PolicyCortex governance into your CI/CD pipelines for automated policy validation, security scanning, and compliance enforcement across your development workflow.
PolicyCortex CI/CD Quick Start: Installation and Configuration
CI/CD Integration Overview
Pre-Commit
Validate policies before code is committed
- Infrastructure as Code scanning
- Configuration validation
- Security policy checks

Build Stage
Comprehensive scanning during the build
- Container image scanning
- Dependency vulnerability checks
- Compliance validation

Deploy Stage
Runtime policy enforcement
- Deployment validation
- Runtime security checks
- Continuous monitoring
Platform Integrations
GitHub Actions
Complete GitHub Actions Workflow

```yaml
name: PolicyCortex Security Pipeline

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  policy-validation:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install PolicyCortex CLI
        run: |
          curl -fsSL https://cli.policycortex.com/install.sh | sh
          echo "$HOME/.policycortex/bin" >> "$GITHUB_PATH"

      - name: Scan Infrastructure Code
        run: |
          policycortex terraform scan \
            --path ./infrastructure \
            --frameworks soc2,hipaa,cis \
            --output github-sarif \
            --fail-on-severity HIGH

      - name: Build and Scan Container
        run: |
          docker build -t myapp:${{ github.sha }} .
          policycortex container scan \
            --image myapp:${{ github.sha }} \
            --output json \
            --fail-on-severity HIGH

      - name: Upload SARIF results
        uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          sarif_file: policycortex-results.sarif
```

GitLab CI/CD
GitLab CI Pipeline

```yaml
stages:
  - security-scan
  - build
  - deploy

variables:
  POLICYCORTEX_API_KEY: $POLICYCORTEX_API_KEY

policy-scan:
  stage: security-scan
  image: policycortex/cli:latest
  script:
    - policycortex auth login --api-key $POLICYCORTEX_API_KEY
    - policycortex terraform scan --path . --frameworks soc2,hipaa
    - policycortex kubernetes scan --path ./k8s --output json
  artifacts:
    reports:
      junit: policycortex-junit.xml
    paths:
      - policycortex-report.json
  only:
    - merge_requests
    - main

container-scan:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  before_script:
    # docker:latest does not ship the PolicyCortex CLI, so install it into this job first
    - apk add --no-cache curl
    - curl -fsSL https://cli.policycortex.com/install.sh | sh
    - export PATH="$PATH:$HOME/.policycortex/bin"
    - policycortex auth login --api-key $POLICYCORTEX_API_KEY
  script:
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
    - policycortex container scan --image $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  only:
    - main
```

Jenkins Pipeline
Jenkins Declarative Pipeline

```groovy
pipeline {
    agent any

    environment {
        POLICYCORTEX_API_KEY = credentials('policycortex-api-key')
    }

    stages {
        stage('Policy Validation') {
            steps {
                script {
                    sh 'curl -fsSL https://cli.policycortex.com/install.sh | sh'
                    sh '''
                        export PATH=$PATH:$HOME/.policycortex/bin
                        policycortex terraform scan \
                            --path ./infrastructure \
                            --frameworks soc2,hipaa \
                            --output jenkins-junit \
                            --fail-on-severity HIGH
                    '''
                }
            }
            post {
                always {
                    junit 'policycortex-junit.xml'
                    archiveArtifacts artifacts: 'policycortex-report.json', allowEmptyArchive: true
                }
            }
        }

        stage('Build & Scan') {
            steps {
                script {
                    // BUILD_NUMBER is set by Jenkins; the shell expands ${BUILD_NUMBER} (the bare {BUILD_NUMBER} would be a literal tag)
                    sh 'docker build -t myapp:${BUILD_NUMBER} .'
                    sh '''
                        export PATH=$PATH:$HOME/.policycortex/bin
                        policycortex container scan \
                            --image myapp:${BUILD_NUMBER} \
                            --output json \
                            --fail-on-severity CRITICAL
                    '''
                }
            }
        }
    }
}
```

CI/CD Best Practices
Policy Enforcement
- Fail fast on critical violations
- Use different thresholds per environment
- Implement policy exemptions carefully
- Enable progressive policy enforcement
- Monitor policy effectiveness metrics
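The enforcement rules above (fail fast on critical findings, a different severity threshold per environment, narrowly scoped exemptions) as a gating script that a pipeline step could run over the scan's JSON output. This is an added example, not PolicyCortex's own code: the finding layout, the exemption file layout, the environment-to-threshold mapping and the rule that CRITICAL findings can never be exempted are all assumptions of the example, and the sample report and exemptions are constructed.

```python
"""Gate a pipeline job on PolicyCortex findings with per-environment severity
thresholds and expiring, justified exemptions.

Added example, not PolicyCortex's own code. The finding layout (a list of
objects with "id", "severity" and "resource" keys) and the exemption layout
are assumptions for illustration; map them onto the real JSON report written
by `policycortex ... --output json` before use.
"""
from datetime import date

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Assumed policy: the closer to production, the stricter the gate.
FAIL_ON_SEVERITY = {"dev": "CRITICAL", "staging": "HIGH", "production": "MEDIUM"}

# Constructed sample report, standing in for the JSON the CLI would write.
SAMPLE_FINDINGS = [
    {"id": "PC-SEC-0010", "severity": "CRITICAL", "resource": "aws_db_instance.main"},
    {"id": "PC-SG-0001", "severity": "HIGH", "resource": "aws_security_group.web"},
    {"id": "PC-S3-0004", "severity": "HIGH", "resource": "aws_s3_bucket.logs"},
    {"id": "PC-IAM-0002", "severity": "MEDIUM", "resource": "aws_iam_role.ci"},
    {"id": "PC-TAG-0001", "severity": "LOW", "resource": "aws_iam_role.ci"},
]

# Constructed exemption file: each entry names one finding on one resource and
# carries a justification plus an expiry date.
SAMPLE_EXEMPTIONS = [
    {"id": "PC-SG-0001", "resource": "aws_security_group.web",
     "justification": "ingress restricted by upstream WAF; ticket SEC-123",
     "expires": "2024-12-31"},
    {"id": "PC-S3-0004", "resource": "aws_s3_bucket.logs",
     "justification": "bucket scheduled for deletion", "expires": "2024-01-31"},
    {"id": "PC-SEC-0010", "resource": "aws_db_instance.main",
     "justification": "legacy", "expires": "2025-01-01"},
]
TODAY = date(2024, 6, 1)  # fixed "today" so the example is reproducible


def exemption_applies(exemption, finding, today):
    """Exemptions are narrow: same finding id on the same resource, with a
    non-empty justification and an expiry date that has not passed. CRITICAL
    findings can never be exempted (a design choice of this example)."""
    if finding["severity"] == "CRITICAL":
        return False
    if not exemption.get("justification", "").strip():
        return False
    if date.fromisoformat(exemption["expires"]) < today:
        return False
    return (exemption["id"] == finding["id"]
            and exemption["resource"] == finding["resource"])


def gate(findings, environment, exemptions, today=TODAY):
    """Return which findings block the job for `environment` and which were
    exempted. Findings below the environment's threshold are ignored."""
    threshold = SEVERITY_RANK[FAIL_ON_SEVERITY[environment]]
    blocking, exempted = [], []
    for finding in findings:
        if SEVERITY_RANK[finding["severity"]] < threshold:
            continue
        if any(exemption_applies(e, finding, today) for e in exemptions):
            exempted.append(finding["id"])
        else:
            blocking.append(finding["id"])
    return {"fail": bool(blocking), "blocking": blocking, "exempted": exempted}


if __name__ == "__main__":
    import sys
    env = sys.argv[1] if len(sys.argv) > 1 else "staging"
    result = gate(SAMPLE_FINDINGS, env, SAMPLE_EXEMPTIONS)
    print(f"[{env}] blocking={result['blocking']} exempted={result['exempted']}")
    sys.exit(1 if result["fail"] else 0)
```

Run it with the environment name as the argument (for example `python gate.py staging`); the non-zero exit status is what makes the pipeline step fail. The expired exemption on the S3 bucket and the attempted exemption of the CRITICAL finding are both ignored, so the staging run blocks on those two findings while the security-group finding passes under its still-valid exemption.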
Performance Optimization
- Cache scan results between runs
- Use incremental scanning for large repos
- Parallelize security checks
- Implement scan result caching
- Optimize for fast feedback loops
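One way to cache scan results between runs so that an unchanged tree is not rescanned: key the cached report on a digest of the scanned files together with the frameworks and scanner version, so that a policy or CLI update still invalidates results for unchanged code. This is an added example, not PolicyCortex's own code; `run_scan` stands in for the real `policycortex terraform scan ... --output json` invocation, its return value is an assumed shape, and the cache directory layout and sample Terraform files are this example's own.

```python
"""Skip a re-scan when the scanned tree, the frameworks and the scanner
version are all unchanged, by keying cached results on a content digest.

Added example, not PolicyCortex's own code. `run_scan` stands in for the real
CLI call; the cache layout and the sample tree are constructed for the demo.
"""
import hashlib
import json
import pathlib
import tempfile

SCANNED_SUFFIXES = (".tf", ".tfvars", ".yaml", ".yml", ".json")


def tree_digest(root):
    """SHA-256 over the relative paths and contents of scanned files, in
    sorted order, so that renames and edits both change the digest."""
    root = pathlib.Path(root)
    h = hashlib.sha256()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix not in SCANNED_SUFFIXES:
            continue
        h.update(path.relative_to(root).as_posix().encode())
        h.update(b"\0")
        h.update(path.read_bytes())
        h.update(b"\0")
    return h.hexdigest()


def cache_key(root, frameworks, scanner_version):
    """Frameworks and scanner version are part of the key: a policy update
    must invalidate cached results even when the code did not change."""
    material = f"{tree_digest(root)}|{','.join(sorted(frameworks))}|{scanner_version}"
    return hashlib.sha256(material.encode()).hexdigest()


def scan_with_cache(root, frameworks, scanner_version, cache_dir, run_scan):
    """Return (result, cache_hit). `run_scan(root, frameworks)` performs the
    real scan and returns a JSON-serialisable dict."""
    cache_dir = pathlib.Path(cache_dir)
    cache_dir.mkdir(parents=True, exist_ok=True)
    entry = cache_dir / f"{cache_key(root, frameworks, scanner_version)}.json"
    if entry.exists():
        return json.loads(entry.read_text()), True
    result = run_scan(root, frameworks)
    entry.write_text(json.dumps(result))
    return result, False


def demo():
    """Scan a constructed Terraform tree four times: unchanged (hit), after an
    edit (miss), and with a different framework set (miss). Returns the list
    of hit flags and how many real scans ran."""
    calls = []

    def fake_scan(root, frameworks):  # constructed stand-in for the CLI
        calls.append(str(root))
        return {"frameworks": list(frameworks), "findings": []}

    hits = []
    with tempfile.TemporaryDirectory() as tmp:
        src = pathlib.Path(tmp) / "infrastructure"
        src.mkdir()
        cache = pathlib.Path(tmp) / ".policycortex-cache"
        main_tf = src / "main.tf"
        main_tf.write_text('resource "aws_s3_bucket" "logs" {}\n')

        args = (["soc2", "hipaa"], "1.0.0", cache, fake_scan)
        hits.append(scan_with_cache(src, *args)[1])   # cold cache: real scan
        hits.append(scan_with_cache(src, *args)[1])   # unchanged tree: hit
        main_tf.write_text('resource "aws_s3_bucket" "logs" { acl = "private" }\n')
        hits.append(scan_with_cache(src, *args)[1])   # edited tree: real scan
        hits.append(scan_with_cache(src, ["soc2"], "1.0.0", cache, fake_scan)[1])  # new frameworks: real scan
    return hits, len(calls)


if __name__ == "__main__":
    print(demo())
```

In a real pipeline the cache directory would be persisted by the CI system's cache mechanism between runs (GitHub Actions `cache`, GitLab `cache:`); the key deliberately leaves out anything run-specific such as the build number, so only a change to the inputs, the frameworks or the scanner forces a fresh scan.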