
Policy Management - Break Build

Overview

The ability to configure a policy violation to break the build (i.e., fail the PR) for a Code Repository Integration project is now being released as GA together with the other features in version 3.30 (it had previously been released to BETA customers). Now, as part of the policy configuration, you can turn on the Break Build toggle for each policy for which you want a violation to prevent the PR from being merged.

The break build behavior will only be effective if you configure your SCM to block PRs when a Checkmarx One Break Build policy is violated. The procedure for setting up this configuration is different for each SCM; see below for details.

Configuring a Policy Rule to Break Build

  1. Create a policy, including creating one or more rules for the policy, as described in Creating a Policy.

  2. Turn ON the toggle next to the type of rule that you selected: for All Scanners or By Scanner.

  3. Click on Save Policy at the top of the screen.

Setting up Your SCM to Break Build

In order for the break build behavior to be effective you need to configure your SCM to block PRs when a Checkmarx One Break Build policy is violated. The procedure for setting up this configuration for each of the supported SCMs is described below.

GitHub (Cloud and Self-Hosted)

  1. For the repo that you want to protect, open the repo settings and go to Code and automation > Branches > Branch protection rules.

  2. Create a rule (or edit an existing rule), specifying the Branch name pattern for the branches that you want to protect.

  3. In the Protect matching branches section, select the checkbox for Require status checks to pass before merging.

  4. In the Status checks that are required section, enter Checkmarx.

  5. Save your rule.
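
One way to confirm that the rule took effect is to audit the branch protection that GitHub reports for the branch. The following is an added example, not Checkmarx or GitHub code: it checks a response from GitHub's `GET /repos/{owner}/{repo}/branches/{branch}/protection` endpoint for a required status check and, going beyond the steps above, for administrator bypass. The match on the substring `checkmarx` and the sample responses are assumptions constructed for illustration.

```python
import json

# Assumption: the required check's context name contains "checkmarx"
# (the steps above only say to enter "Checkmarx" when selecting the check).
CHECK_HINT = "checkmarx"

def audit_branch_protection(protection, hint=CHECK_HINT):
    """Return a list of findings; an empty list means the merge gate is enforced."""
    rsc = protection.get("required_status_checks")
    if not rsc:
        return ["status checks are not required before merging"]
    # GitHub lists required checks under both "contexts" and "checks".
    names = set(rsc.get("contexts") or [])
    names |= {c.get("context", "") for c in (rsc.get("checks") or [])}
    findings = []
    if not any(hint in name.lower() for name in names):
        findings.append("no required status check matching %r (required: %s)"
                        % (hint, sorted(names)))
    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        findings.append("administrators can bypass the rule (enforce_admins is off)")
    return findings

# Constructed sample responses, trimmed to the fields the audit reads.
# The context name "Checkmarx One" is illustrative; the real name may differ.
SAMPLE_ENFORCED = json.loads("""
{"required_status_checks": {"strict": true,
                            "contexts": ["Checkmarx One"],
                            "checks": [{"context": "Checkmarx One", "app_id": null}]},
 "enforce_admins": {"enabled": true}}
""")
SAMPLE_WEAK = json.loads("""
{"required_status_checks": {"strict": false,
                            "contexts": ["ci/build"],
                            "checks": [{"context": "ci/build", "app_id": null}]},
 "enforce_admins": {"enabled": false}}
""")

if __name__ == "__main__":
    for label, sample in (("enforced", SAMPLE_ENFORCED), ("weak", SAMPLE_WEAK)):
        findings = audit_branch_protection(sample)
        print(label, "->", findings if findings else "OK")
```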

GitLab (Cloud and Self-Hosted)

  1. Open the project settings for the project that you would like to protect and go to Merge requests.

  2. In the Merge checks section, select the checkbox for All threads must be resolved.

  3. Click on Save changes.

    Once this configuration is in place, when a Break Build policy violation occurs, Checkmarx will ensure that there is a thread with Unresolved status, which will prevent the merge from being allowed.

Warning

For the GitLab integration, it is possible for a user to manually override the Break Build by clicking on the Resolve button for the unresolved thread and then merging the code.

Bitbucket Cloud

The following procedure describes how to set up Break Build for a specific repo. Alternatively, you can take similar steps on the project level so that all repos in that project will have Break Build functionality.

Prerequisites

  • Only supported for Bitbucket Premium plan

Procedure

  1. Open the repo settings and go to Workflow > Branch restrictions.

  2. Click on Add a branch restriction.

  3. In the Select branches section, specify the branches that you want to protect.

  4. Open the Merge settings tab.

  5. In the Merge checks section, select the checkbox next to Minimum number of successful builds for the last commit with no failed builds and no in progress builds, and specify the number suitable for your workflow.

  6. In the Merge conditions section, select the checkbox next to Prevent a merge with unresolved merge checks.

  7. Click Save.

Bitbucket Self-Hosted

The following procedure describes how to set up Break Build for a specific repo. Alternatively, you can take similar steps on the project level so that all repos in that project will have Break Build functionality.

Notice

Procedures may differ slightly depending on the version of Bitbucket that you are using.

  1. Open the repo settings and under Pull requests click on Merge checks.

  2. Click on Add a branch restriction.

  3. In the Minimum successful builds section, select Enabled, and specify the number suitable for your workflow.

  4. Click Save.

Azure DevOps (Cloud and Self-Hosted)

  1. Open the project that you would like to protect and go to Repos > Branches.

  2. Click on the more options icon next to the branch that you want to protect and select Branch policies.

  3. In the Status Checks section, click on the + button.

  4. In the Add status policy dialogue, for Status to check, enter Checkmarx.

  5. For Policy requirement, select the radio button for Required.

  6. Click Save.