OpsMx Deployment Firewall is a feature that enforces application security at the point of deployment, across all environments such as staging and production. The firewall adds a gating mechanism to your existing CI/CD tools to ensure compliance and keep vulnerabilities from reaching the deployed application.
The deployment firewall can be integrated with the Continuous Deployment (CD) system or installed directly within the Kubernetes cluster. When a deployment occurs, the firewall is triggered automatically. It uses Secure Software Delivery intelligence to analyze data collected throughout the development cycle, then evaluates this data against predefined rules. Based on this evaluation and any detected vulnerabilities or alerts, the firewall either allows or denies the deployment, preventing insecure code from reaching production. This approach keeps your application secure and resilient.
The deployment firewall rules can be predefined based on your needs and on how you want them enforced for deployments. Rules that can be defined include mandatory code scanning, no critical CVEs, an approved change request ticket, and a security review. When triggered, the deployment firewall runs in the background and automatically verifies, at the time of deployment, that the defined rules have been followed. Deployment of application releases that are out of compliance is blocked.
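The allow/deny evaluation described above can be illustrated with the four example rules. This Python example is added here and is not OpsMx code or the product's API; the `Deployment` record, its field names, the rule functions and the sample values are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Deployment:
    """Evidence gathered before deploy. All field names are hypothetical."""
    image: str
    environment: str
    code_scan_done: bool = False              # missing evidence defaults to failing
    cves: list = field(default_factory=list)  # [(id, severity), ...]
    change_ticket_status: Optional[str] = None
    security_review_passed: bool = False

# Each rule returns None when satisfied, or a reason string when violated.
def mandatory_code_scanning(d):
    return None if d.code_scan_done else "no code scan recorded"

def no_critical_cves(d):
    crit = [cid for cid, sev in d.cves if sev.upper() == "CRITICAL"]
    return "critical CVEs: " + ", ".join(crit) if crit else None

def approved_change_request(d):
    if d.change_ticket_status != "approved":
        return f"change ticket status is {d.change_ticket_status!r}"
    return None

def security_review(d):
    return None if d.security_review_passed else "security review not passed"

RULES = [mandatory_code_scanning, no_critical_cves,
         approved_change_request, security_review]

def evaluate(d, rules=RULES):
    """Return (decision, violations); a rule that raises counts as a violation."""
    violations = []
    for rule in rules:
        try:
            reason = rule(d)
        except Exception as exc:  # fail closed on malformed evidence
            reason = f"rule could not be evaluated: {exc}"
        if reason:
            violations.append((rule.__name__, reason))
    return ("deny" if violations else "allow"), violations

if __name__ == "__main__":
    # Constructed sample record, not real scan output.
    d = Deployment("registry.example/app:1.4.2", "production", code_scan_done=True,
                   cves=[("CVE-PLACEHOLDER-1", "critical")],
                   change_ticket_status="pending", security_review_passed=True)
    decision, why = evaluate(d)
    print(decision)
    for name, reason in why:
        print(f"  {name}: {reason}")
```

Because every evidence field defaults to a failing value and a rule that raises is counted as a violation, a deployment with missing or malformed data is denied rather than allowed.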
The following table lists examples of a few deployment firewall rules, along with their description and severity level: