Running a Compliance Scan
There are two types of compliance scans in Copado: passive and active. An active scan is a scan that a user requests manually, usually by clicking a button. This type of scan can be executed from a Credential, a User Story, or a Git Snapshot record. A passive scan, on the other hand, is a scan that Copado triggers automatically if a user has enabled this option. Copado can automatically trigger a compliance scan based on the environment's compliance rule group and the selected compliance scan events in a Deployment and a User Story commit. Additionally, you can use a Copado webhook to run a compliance scan in both a Credential and a Git Snapshot record from a scheduled job, a deployment step, a user story deployment task, or a process builder.
Prior to executing a compliance scan, there are some steps you need to take:
- You need to create a compliance rule and add it to a compliance rule group. For more information about how to do this, check out the articles How to Create a Compliance Rule, How to Add Rule Criteria to a Compliance Rule, and Compliance Rule Groups.
- Once you have configured the compliance rule group, you need to assign it to the environment linked to the credential included in the User Story, Git Snapshot, or Deployment record.
Let’s go ahead and see how you can run a compliance scan from each of the options mentioned above.
When you run a compliance scan in a credential, it analyzes all the metadata in the org.
To execute a compliance scan in a Credential record, navigate to the record and click on Run Compliance Scan.
You can run a compliance scan in a Git Snapshot record to analyze the components committed in a branch.
To execute the scan, navigate to a Git Snapshot record and click on Run Compliance Scan.
You can execute a compliance scan in a user story to analyze the user story metadata or Git selection.
When you run a compliance scan from a user story, you have two options:
- You can manually execute the scan by navigating to the User Story record and clicking on Run Compliance Scan.
- You can request Copado to automatically trigger the scan when you commit changes in a user story. To do this, navigate to the environment where you previously added the compliance rule group and select Commits from the Compliance Scan Events multi-picklist field.
You can request Copado to automatically trigger a compliance scan when you execute a deployment. To do this, follow the steps below:
- Navigate to the Environment record linked to that deployment and click on Edit.
- Make sure a compliance rule group has been added to the environment.
- In the Compliance Scan Events multi-picklist field, select Deployments.
From now on, whenever you execute a deployment to that environment, a compliance scan is automatically run by Copado.
You can set up a scheduled job to run a compliance scan in a Credential or a Git Snapshot record. To do so, follow the steps below:
- Navigate to the Scheduled Jobs tab and click on New.
- From the Look up Copado Webhook, select either Run Compliance Scan on Credential or Run Compliance Scan on Git Snapshot.
- Fill in all other relevant fields and save.
For additional information about compliance scan results, check out the article Reviewing Compliance Scan Results.