Automated Commit Feedback

In Azure DevOps, a build status can be attached to a commit when an IQ Policy Evaluation highlights violations. This is visible on individual commits, and the commit history.

In both Bitbucket Server and Bitbucket Cloud, a build status can be attached to commits when an IQ Policy Evaluation highlights violations. This will be visible on individual commits and on any pull requests containing that commit.

As a GitHub Status, an IQ Policy Evaluation check runs whenever a Pull Request is created or updated. Like other status checks, it can be configured to just provide feedback or even block a PR from being merged when it detects vulnerable components or policy violations. Each policy evaluation has a link to the full IQ Policy Evaluation via the Details link to the right of the components affected summary counts.

The IQ Policy Evaluation report can also be accessed from a commit itself by clicking the status icon then clicking the Details link to the right of the IQ Policy Evaluation component summary on the checks popup.

An IQ Policy Evaluation step can be added to the GitLab pipeline to provide feedback or even block Merge Requests when it detects vulnerable components or policy violations. When violations are detected, the 'IQ Policy Evaluation' will link to the full scan report on IQ Server.