Powerful CI and SCM Policy Updates Ensure the Security of Builds and PRs
PRODUCT SPOTLIGHT
Kodem’s continuous integration and source code management enhancements provide development teams with more control, improved visibility, and smarter automation to ensure the security of builds and pull requests.
And we’re going one step further by addressing critical gaps that traditional SCA and reachability tools can’t—Kodem’s remediation guidance now includes transitive dependencies and upstream dependencies.
At Kodem, we continuously push the envelope to ensure your security practices are solid and frictionless. As the demand for faster development cycles grows, the need for tighter security embedded into your CI/CD pipelines becomes essential. Today, we’re excited to announce two significant updates: Continuous Integration (CI) Policies and Source Code Management (SCM) Policy Enhancements, designed to elevate how security works within your pipelines and code repositories.
Whether you’re a developer, an application security leader, or an engineering team looking to ship faster, these new features ensure you can scale security without slowing down development.
And we’re going one step further by addressing critical gaps that traditional SCA and reachability tools can’t—Kodem’s remediation guidance now includes transitive dependencies and upstream dependencies.
Both of our updates aim to give you more control, better visibility, and smarter automation to keep your builds and pull requests secure.
Key Improvements to the CI Workflow
Kodem CI Tool
Real-time scanning during the build process to detect vulnerabilities, integrated directly into your existing CI tools like Jenkins and GitHub Actions.
Remediation Guidance for Transitive Dependencies
Kodem goes beyond direct vulnerabilities, providing actionable remediation guidance for transitive dependencies and upstream dependencies—an area most legacy SCA tools can’t handle.
Customizable CI Policies
Define security policies based on your project’s needs, ensuring you catch vulnerabilities before they hit production.
Key Improvements to Source Code Management Policies
SCM Suppression Policies
Now you can suppress specific conditions in your SCM Policies, such as approving a CVE or package that doesn't meet the Protection Policy you’ve enabled. Suppression Policies can be tailored to specific scopes of code repositories.
Enhanced PR Comment Scanning
You’ll now see all PR scanning findings—including those failing the PR check—in a consolidated report. This update applies to new code added in the PR, and will help streamline the security review process.
PR Scanning Findings
SCM PR Policies are now available directly in GitHub, with more SCM tools to be supported soon.
The Numerous Benefits for Application Security and Engineering Teams
Security teams can enforce policies within CI pipelines and PRs which is crucial for staying ahead of vulnerabilities, especially in fast-moving environments.
Enforce Policies Early
CI Policies enable security teams to enforce rules at the earliest stages of development, ensuring that vulnerable code is caught during the build process.
Handle Complex Dependencies
Kodem’s transitive and upstream remediation ensures that vulnerabilities deep within your dependency tree aren’t overlooked—a gap that legacy tools fail to address.
Targeted Suppression
Security teams can approve certain CVEs or packages with the new SCM Suppression Policies without loosening overall protection policies. This means teams can focus on real threats without creating unnecessary noise.
Comprehensive Visibility
Application Security teams get full visibility into both the vulnerabilities that block a PR and additional findings that may require attention, all in one place. This significantly reduces manual back-and-forth, making the remediation process smoother.
Engineering teams enjoy enhanced CI and SCM processes which provide a streamlined, security-first development ensuring effective source code security.
No More Bottlenecks
With real-time feedback during the build and PR process, developers can catch vulnerabilities early without waiting for manual reviews or security team approvals. Kodem integrates seamlessly into CI tools like Jenkins and GitHub Actions, ensuring security never slows you down.
Tailored Security
Customizable CI and SCM Policies give engineering teams the ability to set up security rules that match their project needs ensuring effective source code security. Whether it's flagging critical vulnerabilities or approving specific CVEs through Suppression Policies, Kodem adapts to your workflow.
Real-Time, Detailed Reports
With PR scanning results now fully embedded, developers can easily review all findings in one place. The new setup makes it easier to address security concerns without leaving the development platform, resulting in faster resolutions and cleaner code.
Transitive Dependency Fixes
Kodem’s remediation guidance doesn’t stop at direct dependencies. Transitive dependencies and upstream dependencies—often ignored by legacy tools—are flagged and include actionable advice, so your builds are as secure as possible without hidden risks.
Get Smarter, Faster, and More Efficient
Kodem’s CI and SCM updates are designed to make your security practices smarter, faster, and more effective. Whether you're an application security leader looking to automate and scale, or an engineering team trying to ship code faster, these new features offer the tools you need to stay secure without slowing down.
Now is the time to experience what Kodem can do for your development pipelines—secure every build, every pull request, every time.
More blogs
A Primer on Runtime Intelligence
See how Kodem's cutting-edge sensor technology revolutionizes application monitoring at the kernel level.
Platform Overview Video
Watch our short platform overview video to see how Kodem discovers real security risks in your code at runtime.