Powerful CI and SCM Policy Updates Ensure the Security of Builds and PRs

PRODUCT SPOTLIGHT

Kodem’s continuous integration and source code management enhancements provide development teams with more control, improved visibility, and smarter automation to ensure the security of builds and pull requests.

And we’re going one step further by addressing critical gaps that traditional SCA and reachability tools can’t—Kodem’s remediation guidance now includes transitive dependencies and upstream dependencies.

written by
Kodem Product Team
published on
September 12, 2024
topic
Application Security
Kodem News

At Kodem, we continuously push the envelope to ensure your security practices are solid and frictionless. As the demand for faster development cycles grows, the need for tighter security embedded into your CI/CD pipelines becomes essential. Today, we’re excited to announce two significant updates: Continuous Integration (CI) Policies and Source Code Management (SCM) Policy Enhancements, designed to elevate how security works within your pipelines and code repositories.

Whether you’re a developer, an application security leader, or an engineering team looking to ship faster, these new features ensure you can scale security without slowing down development.


Both of our updates aim to give you more control, better visibility, and smarter automation to keep your builds and pull requests secure.

Key Improvements to the CI Workflow

Kodem CI Tool

Real-time scanning during the build process to detect vulnerabilities, integrated directly into the CI tools you already run, such as Jenkins and GitHub Actions, so a failing policy stops the build rather than surfacing days later in a dashboard.

Remediation Guidance for Transitive Dependencies

Kodem goes beyond direct vulnerabilities, providing actionable remediation guidance for transitive dependencies and upstream dependencies—an area most legacy SCA tools can’t handle. The point matters because you rarely control the version of a transitive package directly: the fix has to arrive through the direct dependency (or its upstream) that pins it, so useful guidance names which package to upgrade, and when no fixed release exists yet, what to override in the meantime.
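To make the transitive case concrete, here is an added example (not Kodem’s code or output) of the analysis such guidance has to do: given a lockfile-style dependency graph, trace every path from the project root to the vulnerable package, work out which direct dependencies introduce it, and decide for each whether an upstream release already pulls in the fixed version or whether a lockfile override is the interim fix. The graph, the advisory, the package names and the registry view of upstream releases are all constructed for illustration; this also covers the transitive-dependency points made in the benefits section further down.

```python
"""Trace a vulnerable transitive package back to the direct dependencies
that pull it in, and produce per-dependency remediation guidance.

Added example; the graph, advisory and package names below are constructed.
"""

# Constructed lockfile-style graph: package -> packages it depends on.
# "app" is the project root; its children are the direct dependencies.
DEP_GRAPH = {
    "app": ["web-framework", "http-client", "logger"],
    "web-framework": ["template-engine", "url-parser"],
    "template-engine": ["url-parser"],
    "http-client": ["url-parser"],
    "url-parser": [],
    "logger": [],
}

# Constructed advisory for the transitive package.
ADVISORY = {"package": "url-parser", "installed": "2.0.3", "fixed_in": "2.1.0"}

# Constructed registry view: for each direct dependency, its newest release
# and the minimum url-parser version that release requires.
UPSTREAM_RELEASES = {
    "web-framework": {"latest": "3.4.0", "requires_target_at_least": "2.1.0"},
    "http-client": {"latest": "1.9.1", "requires_target_at_least": "2.0.0"},
}


def parse_version(v):
    """Compare dotted numeric versions as tuples (enough for this example)."""
    return tuple(int(p) for p in v.split("."))


def dependency_paths(graph, root, target):
    """All paths root -> ... -> target, found by depth-first search."""
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        for child in graph.get(node, []):
            if child not in path:  # guard against cyclic graphs
                walk(child, path + [child])

    walk(root, [root])
    return paths


def introducing_direct_deps(graph, root, target):
    """Direct dependencies whose subtree contains the vulnerable package."""
    return sorted({p[1] for p in dependency_paths(graph, root, target) if len(p) > 1})


def remediation_plan(graph, root, advisory, upstream):
    """For each introducing direct dependency, say how the fix can arrive."""
    target, fixed_in = advisory["package"], advisory["fixed_in"]
    plan = {}
    for direct in introducing_direct_deps(graph, root, target):
        release = upstream.get(direct)
        if release and parse_version(release["requires_target_at_least"]) >= parse_version(fixed_in):
            # The upstream maintainer has already moved to the fixed version.
            plan[direct] = f"upgrade {direct} to {release['latest']} (pulls {target}>={fixed_in})"
        else:
            # No upstream release carries the fix yet: pin it ourselves and keep watching.
            plan[direct] = (f"no release of {direct} requires {target}>={fixed_in}; "
                            f"pin {target}=={fixed_in} via a lockfile override and track the upstream fix")
    return plan


if __name__ == "__main__":
    for dep, advice in remediation_plan(DEP_GRAPH, "app", ADVISORY, UPSTREAM_RELEASES).items():
        print(f"{dep}: {advice}")
```

Note that `logger` never appears in the plan: it does not sit on any path to the vulnerable package, so a flat "url-parser is vulnerable" finding would otherwise waste a developer's time looking at it. The override branch is the part that distinguishes upstream guidance from a plain upgrade hint; it is also the case that needs a follow-up, because an override silently diverges from what the direct dependency was tested against.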


Customizable CI Policies

Define security policies based on your project’s needs, ensuring you catch vulnerabilities before they hit production.

Key Improvements to Source Code Management Policies

SCM Suppression Policies

Now you can suppress specific conditions in your SCM Policies, such as approving a particular CVE or package that would otherwise fail the Protection Policy you’ve enabled. Suppression Policies can be tailored to specific scopes of code repositories, so an exception granted for one repository does not silently apply to every other one.


Enhanced PR Comment Scanning 

You’ll now see all PR scanning findings—both those that fail the PR check and those that are informational—in a single consolidated report. The report covers new code added in the PR, which keeps the review focused on what the change introduces rather than on pre-existing debt.
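The three mechanisms above (a protection policy that gates the build or PR, repository-scoped suppressions, and a consolidated report that separates blocking from informational findings) fit together in one evaluation step. The following is an added example of that step, written here to show the logic and not Kodem’s policy format or engine: the policy, the suppression rules, the repository names, the advisory identifiers (deliberately non-CVE placeholders) and the findings are all constructed.

```python
"""Evaluate scan findings against a protection policy and scoped suppression
policies, and build the consolidated report a PR check would post.

Added example; policy format, repo names, advisory IDs and findings are constructed.
"""
from fnmatch import fnmatch

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed protection policy: block on high-or-worse findings, but only for
# code the PR introduces; everything else is still reported, just not blocking.
PROTECTION_POLICY = {"block_at_or_above": "high", "only_new_code": True}

# Constructed suppression policies. Each approves one advisory or one package
# and applies only to repositories matching the listed glob patterns.
SUPPRESSIONS = [
    {"package": "legacy-lib", "repos": ["org/payments"],
     "reason": "approved: vendored and patched locally"},
    {"advisory": "EXAMPLE-ADV-3", "repos": ["org/internal-*"],
     "reason": "approved: internal tooling, no untrusted input"},
]

# Constructed findings from a PR scan. new_in_pr marks code the PR added.
FINDINGS = [
    {"package": "url-parser", "advisory": "EXAMPLE-ADV-1", "severity": "critical", "new_in_pr": True},
    {"package": "legacy-lib", "advisory": "EXAMPLE-ADV-2", "severity": "high", "new_in_pr": True},
    {"package": "yaml-lib", "advisory": "EXAMPLE-ADV-3", "severity": "medium", "new_in_pr": True},
    {"package": "image-lib", "advisory": "EXAMPLE-ADV-4", "severity": "critical", "new_in_pr": False},
]


def suppression_for(finding, repo, suppressions):
    """Return the first suppression rule that applies to this finding in this repo."""
    for rule in suppressions:
        if not any(fnmatch(repo, pattern) for pattern in rule["repos"]):
            continue  # rule is scoped to other repositories
        if rule.get("advisory") == finding["advisory"] or rule.get("package") == finding["package"]:
            return rule
    return None


def evaluate(findings, repo, policy=PROTECTION_POLICY, suppressions=SUPPRESSIONS):
    """Split findings into blocking, informational and suppressed for the PR report."""
    threshold = SEVERITY_RANK[policy["block_at_or_above"]]
    report = {"blocking": [], "informational": [], "suppressed": []}
    for finding in findings:
        rule = suppression_for(finding, repo, suppressions)
        if rule is not None:
            # Approved exception: recorded in the report, never hidden entirely.
            report["suppressed"].append(finding["advisory"])
            continue
        in_scope = finding["new_in_pr"] or not policy["only_new_code"]
        if in_scope and SEVERITY_RANK[finding["severity"]] >= threshold:
            report["blocking"].append(finding["advisory"])
        else:
            report["informational"].append(finding["advisory"])
    return report


def pr_check_passes(report):
    """The PR check fails on any blocking finding; informational ones never fail it."""
    return not report["blocking"]


if __name__ == "__main__":
    for repo in ("org/payments", "org/internal-tools"):
        report = evaluate(FINDINGS, repo)
        print(repo, "PASS" if pr_check_passes(report) else "FAIL", report)
```

Two things are worth noticing in the output. The same `legacy-lib` finding is suppressed in `org/payments` but blocks the PR in `org/internal-tools`, because the suppression is scoped; that is what keeps a one-off approval from becoming a blanket exception. And the pre-existing critical finding (`EXAMPLE-ADV-4`) is reported but does not block, since the policy only gates new code; if you want pre-existing debt to block too, `only_new_code` is the single switch to flip.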


SCM PR Policies are now available directly in GitHub, with more SCM tools to be supported soon.


The Numerous Benefits for Application Security and Engineering Teams

Security teams can enforce policies within CI pipelines and PRs, which is crucial for staying ahead of vulnerabilities, especially in fast-moving environments where a finding that is only reported, never enforced, tends to ship.

Enforce Policies Early

CI Policies enable security teams to enforce rules at the earliest stages of development, ensuring that vulnerable code is caught during the build process.

Handle Complex Dependencies

Kodem’s transitive and upstream remediation ensures that vulnerabilities deep within your dependency tree aren’t overlooked—a gap that legacy tools fail to address.

Targeted Suppression 

Security teams can approve certain CVEs or packages with the new SCM Suppression Policies without loosening overall protection policies. This means teams can focus on real threats without creating unnecessary noise.

Comprehensive Visibility

Application Security teams get full visibility into both the vulnerabilities that block a PR and additional findings that may require attention, all in one place. This significantly reduces manual back-and-forth, making the remediation process smoother.

Engineering teams get CI and SCM processes that are streamlined and security-first, with the checks running where the code already lives.

No More Bottlenecks

With real-time feedback during the build and PR process, developers can catch vulnerabilities early without waiting for manual reviews or security team approvals. Kodem integrates seamlessly into CI tools like Jenkins and GitHub Actions, ensuring security never slows you down.

Tailored Security

Customizable CI and SCM Policies give engineering teams the ability to set up security rules that match their project needs. Whether it's flagging critical vulnerabilities or approving specific CVEs through Suppression Policies, Kodem adapts to your workflow.

Real-Time, Detailed Reports

With PR scanning results now fully embedded, developers can easily review all findings in one place. The new setup makes it easier to address security concerns without leaving the development platform, resulting in faster resolutions and cleaner code.

Transitive Dependency Fixes

Kodem’s remediation guidance doesn’t stop at direct dependencies. Transitive dependencies and upstream dependencies—often ignored by legacy tools—are flagged and include actionable advice, so your builds are as secure as possible without hidden risks.

Get Smarter, Faster, and More Efficient

Kodem’s CI and SCM updates are designed to make your security practices smarter, faster, and more effective. Whether you're an application security leader looking to automate and scale, or an engineering team trying to ship code faster, these new features offer the tools you need to stay secure without slowing down.

Now is the time to experience what Kodem can do for your development pipelines—secure every build, every pull request, every time.

Watch this short product demo to see how we do it >>

