Repository should be associated with an approved CI/CD app

ID

cicd_unapproved_cicd_system

Severity

low

Family

CI/CD Security

Tags

cicd-security, infrastructure, non-reachable, security

Description

Code repo should be attached to an authorized CI/CD application.

Security

When the authorized CI/CD application is bypassed (either through a shadow CI/CD system or by building manually), the guardrails, tests and additional checks it enforces may not be performed on code changes. This can significantly degrade security.

Mitigation / Fix

Review the CI/CD systems used across your organization's projects and remove those that are not allowed by your internal security policy.

Configuration

The detector has a property allowedSystems, where the user has to configure the CI/CD systems that are allowed in their organization.
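The following is an added illustration of how such a check can be expressed, not the detector's own implementation. It scans a repository checkout for well-known CI/CD configuration files, compares the systems it finds against an allow list (standing in for the allowedSystems property), and reports any system that is not approved. The marker-file map, the finding layout and the constructed sample checkout are all assumptions made for this example.

```python
"""Illustrative check for unapproved CI/CD systems in a repository checkout.

Added example, not the detector's own code. The mapping of CI/CD systems to
their marker files and the shape of the findings are assumptions.
"""
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

# Assumed mapping: CI/CD system name -> glob patterns (relative to the repo
# root) whose presence indicates the system is wired into the repository.
CI_MARKERS = {
    "github-actions": [".github/workflows/*.yml", ".github/workflows/*.yaml"],
    "gitlab-ci": [".gitlab-ci.yml"],
    "jenkins": ["Jenkinsfile"],
    "circleci": [".circleci/config.yml"],
    "azure-pipelines": ["azure-pipelines.yml"],
    "travis-ci": [".travis.yml"],
    "bitbucket-pipelines": ["bitbucket-pipelines.yml"],
}


def detect_ci_systems(repo_root: Path) -> Dict[str, List[str]]:
    """Return {system: [matching files]} for every CI/CD system present."""
    found: Dict[str, List[str]] = {}
    for system, patterns in CI_MARKERS.items():
        hits = []
        for pattern in patterns:
            hits.extend(
                str(p.relative_to(repo_root))
                for p in repo_root.glob(pattern)
                if p.is_file()
            )
        if hits:
            found[system] = sorted(hits)
    return found


def evaluate(repo_root: Path, allowed_systems: Iterable[str]) -> List[dict]:
    """Compare detected systems with the allow list and return findings.

    A repository with no CI/CD configuration at all is also reported, since
    that usually means builds happen manually or through an untracked system.
    """
    allowed = set(allowed_systems)
    detected = detect_ci_systems(repo_root)
    findings = []
    if not detected:
        findings.append({
            "id": "cicd_unapproved_cicd_system",
            "severity": "low",
            "system": None,
            "evidence": [],
            "message": "no recognised CI/CD configuration found in repository",
        })
    for system, files in detected.items():
        if system not in allowed:
            findings.append({
                "id": "cicd_unapproved_cicd_system",
                "severity": "low",
                "system": system,
                "evidence": files,
                "message": f"{system} is not in the allowed CI/CD systems",
            })
    return findings


def build_sample_repo(root: Path) -> None:
    """Create a constructed sample checkout: GitHub Actions plus a stray Jenkinsfile."""
    workflows = root / ".github" / "workflows"
    workflows.mkdir(parents=True)
    (workflows / "ci.yml").write_text("name: ci\non: [push]\n")
    (root / "Jenkinsfile").write_text("pipeline { agent any }\n")


def run_demo(allowed_systems: Iterable[str] = ("github-actions",),
             populate: bool = True) -> List[dict]:
    """Run the check against a temporary constructed repository."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        if populate:
            build_sample_repo(root)
        return evaluate(root, allowed_systems)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

With only github-actions approved, the sample checkout yields one finding for the Jenkinsfile; approving jenkins as well clears it, and an empty checkout is reported as having no recognised CI/CD configuration.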