Running a Compliance Scan

Updated 1 month ago by Copado Solutions

There are two types of compliance scans in Copado: active and passive. An active scan is one a user requests manually, usually by clicking a button; it can be executed from an Org Credential, a User Story or a Git Snapshot record. A passive scan is one Copado triggers automatically once a user has enabled this option: Copado runs the scan based on the compliance rule group assigned to the environment and the compliance scan events selected for that environment (Deployments and/or Commits on a User Story). Additionally, you can use a Copado webhook to run a compliance scan on an Org Credential or a Git Snapshot record from a scheduled job, a deployment step, a user story deployment task or a Process Builder flow.

Prior to executing a compliance scan, there are some steps you need to take:

  1. Create a compliance rule and add it to a compliance rule group. For more information, check out the articles How to Create a Compliance Rule, How to Add Rule Criteria to a Compliance Rule and Compliance Rule Groups.
  2. Once the compliance rule group is configured, assign it to the environment linked to the org credential used by the User Story, Git Snapshot or Deployment record. Without a rule group on that environment there is nothing for the scan to evaluate.

Let’s go ahead and see how you can run a compliance scan from each of the options mentioned above.

Org Credential

When you run a compliance scan on an org credential, it analyzes all the metadata in the org, so this is the broadest (and slowest) of the three scan scopes.

To execute a compliance scan on an Org Credential record, navigate to the record and click on Run Compliance Scan.

Git Snapshot

You can run a compliance scan on a Git Snapshot record to analyze the components committed to the branch the snapshot points at.

To execute the scan, navigate to the Git Snapshot record and click on Run Compliance Scan.

User Story

You can execute a compliance scan on a user story to analyze the user story's metadata or Git selection.

When you run a compliance scan from a user story, you have two options:

  1. Execute the scan manually by navigating to the User Story record and clicking on Run Compliance Scan.
  2. Have Copado trigger the scan automatically whenever changes are committed in the user story. To do this, navigate to the environment where you previously added the compliance rule group and select Commits in the Compliance Scan Events multi-picklist field.

If none of the metadata components in the user story match a metadata type covered by a compliance rule in the assigned rule group, no scan is performed. A missing scan result on a user story therefore does not by itself mean the story is compliant; check that the rule group covers the metadata types the story changes.

Deployment

You can request Copado to automatically trigger a compliance scan when you execute a deployment. To do this, follow the steps below:

  1. Navigate to the Environment record linked to that deployment (the destination environment) and click on Edit.
  2. Make sure a compliance rule group has been added to the environment.
  3. In the Compliance Scan Events multi-picklist field, select Deployments.

From now on, whenever you execute a deployment to that environment, Copado runs a compliance scan automatically. Note that this setting is per environment: a rule group assigned to an environment without Deployments selected in Compliance Scan Events is only evaluated when a scan is requested manually or via webhook.

Scheduled Jobs

You can set up a scheduled job to run a compliance scan on an Org Credential or a Git Snapshot record. To do so, follow the steps below:

  1. Navigate to the Scheduled Jobs tab and click on New.
  2. In the Copado Webhook lookup field, select either Run Compliance Scan on Org Credential or Run Compliance Scan on Git Snapshot.
  3. Fill in all other relevant fields (including the target Org Credential or Git Snapshot record and the schedule) and save.

For additional information about compliance scan results, check out the article Reviewing Compliance Scan Results.
