Introduction
Security Gates can be configured to be a part of your DevOps process. Whether you are using our API or a platform like Copado, Security Gates allow you to set thresholds of acceptable levels of Issues by Severity level for a scan. If a Security Gate is active and those thresholds are exceeded, DigitSec will indicate that a scan has FAILED; otherwise it will PASS. This can be a useful indicator for additional DevOps steps or for tracking purposes.
Environment Level Settings
For Admin level users, you can set an Environment level Security Gate by using the top-navigation CONFIGURE --> Security Gate. Please note there is a SELECT control labeled Enforce Security Gate with two options: Environment and Deactivate.
When the Environment Settings are selected and entered, these values will propagate to all new Workspaces by default. If you do not enter a value in one of the Severity Levels, the system will add a Zero by default. If the Environment Security Gate is Deactivated, then new Workspaces will be created with a Deactivated Security Gate.
Please note that changing this setting at the Environment level does not automatically propagate to Workspaces. Each Workspace can override this setting.
When you are activating the Environment Security Gate or modifying the values for the Environment Security Gate, you must use the Save button to complete the configuration change. When you Deactivate the setting, the new configuration is saved as soon as that menu option is selected.
Workspace Level Settings
A Workspace Security Gate can override the Environment Security Gate Settings. When accessing the configuration pane within a Workspace, the user is presented with a similar SELECT control that allows them to specify which setting to respect.
When the Workspace option is selected, the settings that appear on this page will be used to determine the PASS/FAIL status of the Gate. When the Environment option is selected, the current values that are stored at the Environment level will be active. A user can also choose to Deactivate the Security Gate at the Workspace level.
Changing the setting (Environment, Workspace or Deactivated) restores the values that had been set previously. For example, if a Workspace User wanted to have a more restrictive Security Gate set up on a temporary basis, they might modify the Select Menu to Workspace, enter their threshold Severity Values and click SAVE. They could initiate a scan that would respect the Workspace Settings. When they modify their Security Settings to "Environment," the Environment values are displayed. A new scan would use the Environment values. The previously used threshold values can be restored by selecting Workspace in the SELECT menu.
Changing the Select Menu changes the 'enforcement' setting. To change the Threshold Values, or to switch to Workspace settings, a user must use the SAVE button.
Final Comment
Different organizations may approach this mechanism differently. In some cases, it may make sense for this setting to be managed at the Environment level and not allow modifications at the Workspace level. This could be accomplished by modifying some of the permissions of Workspace Managers and Users. In other cases, organizations may prefer to allow their Workspaces to have flexibility in managing this setting and switching between Environment and Workspace standards. It is important to note that we have not set this up so that the Environment level control can override the Workspace level control. This is to make sure that Workspace teams are not surprised by Setting changes they weren't expecting.
Q. How is this represented in the response if I request scan data via the API?
A. Look for the field isSecurityGatePassed. The valid values are null | true | false. In a null case, the Security Gate was not enabled for that scan.
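The following is an added example, not DigitSec's own code or API client, that models the behaviour described on this page: the Environment/Workspace/Deactivate enforcement choice, the zero default for an unset Severity Level, the FAIL-when-exceeded rule, and how a DevOps step should treat the null | true | false values of isSecurityGatePassed. The severity names, the assumption that a Workspace set to "Environment" under a Deactivated Environment gate has no active gate, and the scan response dictionary are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Severity level names are an assumption for this example; use the ones your scans report.
SEVERITIES = ("Critical", "High", "Medium", "Low")


@dataclass
class GateSettings:
    """Security Gate configuration at one level (Environment or Workspace)."""
    enforce: str                                  # "Environment", "Workspace" or "Deactivate"
    thresholds: Dict[str, int] = field(default_factory=dict)  # max acceptable issues per severity


def normalize_thresholds(thresholds: Dict[str, int]) -> Dict[str, int]:
    """A Severity Level with no value entered defaults to zero, as the page describes."""
    return {sev: int(thresholds.get(sev, 0)) for sev in SEVERITIES}


def resolve_thresholds(environment: GateSettings,
                       workspace: GateSettings) -> Optional[Dict[str, int]]:
    """Return the thresholds that apply to a scan in this Workspace, or None if no gate is active.

    The Workspace control decides which values are respected; switching it does not
    discard the Workspace's own stored thresholds, so they can be restored later.
    """
    if workspace.enforce == "Deactivate":
        return None
    if workspace.enforce == "Workspace":
        return normalize_thresholds(workspace.thresholds)
    # "Environment": use whatever is currently stored at the Environment level.
    # Assumption: a Deactivated Environment gate means no gate applies here either.
    if environment.enforce == "Deactivate":
        return None
    return normalize_thresholds(environment.thresholds)


def evaluate_gate(issue_counts: Dict[str, int],
                  thresholds: Optional[Dict[str, int]]) -> Optional[bool]:
    """Mirror isSecurityGatePassed: None when no gate is active, False if any threshold is exceeded."""
    if thresholds is None:
        return None
    return all(issue_counts.get(sev, 0) <= limit for sev, limit in thresholds.items())


def ci_decision(scan_response: dict) -> str:
    """Map the API field to a pipeline outcome; a null gate is not a pass and should be reported as such."""
    status = scan_response.get("isSecurityGatePassed")
    if status is None:
        return "NO_GATE"          # gate was not enabled for this scan
    return "PASS" if status else "FAIL"


if __name__ == "__main__":
    # Constructed sample configuration and scan result.
    env = GateSettings("Environment", {"Critical": 0, "High": 2})
    ws = GateSettings("Workspace", {"Critical": 0, "High": 0, "Medium": 3})
    counts = {"Critical": 0, "High": 1, "Medium": 0, "Low": 0}

    print("Workspace gate:", evaluate_gate(counts, resolve_thresholds(env, ws)))
    ws.enforce = "Environment"
    print("Environment gate:", evaluate_gate(counts, resolve_thresholds(env, ws)))
    ws.enforce = "Deactivate"
    print("Deactivated gate:", evaluate_gate(counts, resolve_thresholds(env, ws)))
    print("CI decision:", ci_decision({"isSecurityGatePassed": None}))
```

Note that the CI helper treats a null value as its own outcome rather than folding it into PASS: a pipeline that only checks for `false` would silently let scans through whenever the gate happened to be Deactivated at the Workspace level.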