Download
  1. Documentation
  2. The ZAP by Checkmarx Desktop User Guide
  3. Add-ons
  4. Scan Policies
  5. QA CI/CD Policy

QA CI/CD Policy

A quality assurance focused policy meant to perform fairly quickly while providing a greater set of results than developer policies, intended for use in a CI/CD pipeline for a QA/staging environment.

  • Recommended for running in CI/CD
  • Intended to run in a QA / Staging environment which is close to production
  • A superset of Developer CI/CD but with important env / server rules enabled
  • No long running rules
  • No rules with high false positives
  • No timing attacks
  • No informational only rules
  • Minimal overlap

For the list of scan rules included see the Alert Tag: POLICY_QA_CICD page.

Return to main scan policies page.