Tagging Configuration
The tags that can be applied to an artifact are defined by the Administrator on the administration page using the Tagging Config.
Click the administration icon at the top right. The administration page appears. Select the Tagging Config. The Tagging Config page appears.
If there are no tagging configuration cards for the desired instrument type on this page yet, click the +Add new button in the upper right corner of the Tagging Config page to define the tagging parameters. The Create tagging config window appears.
Select the NXRM repository from the drop-down list. The Hub QG status and NXRM tag fields appear; use them to pair QG statuses with repository tags. To create a pair, click the Hub QG status field and select a QG status from the drop-down list. Then click the NXRM tag field and select a repository tag from the drop-down list.
Click the Add button on the right to add the newly created pair. When all pairs are created, click the Create button at the bottom of the window.
Click the edit icon on an existing tagging card to view and adjust the tagging settings. The Update tagging config window appears.
This window shows the artifact repository instance and the mapping between the QG statuses in Maverix and repository tags. Maverix provides the following tagging statuses for Quality Gates:
SAST_BYPASSED — scan with the SAST tool bypassed.
SAST_FAILED — scan with the SAST tool failed.
SAST_SUCCESSFUL — scan with the SAST tool was successfully completed.
DAST_BYPASSED — scan with the DAST tool bypassed.
DAST_FAILED — scan with the DAST tool failed.
DAST_SUCCESSFUL — scan with the DAST tool was successfully completed.
SCA_BYPASSED — scan with the SCA tool bypassed.
SCA_FAILED — scan with the SCA tool failed.
SCA_SUCCESSFUL — scan with the SCA tool was successfully completed.
The mapping should be defined separately for each repository. Some tags and statuses are mapped to each other by default. If necessary, in the AST tool (in this case, Nexus IQ Server) you should create additional tags for mapping. Maverix determines the practice used during a scan (SAST, DAST or SCA) and the result of the scan (successful or not), selects the appropriate tag from the list (for example, QG_SAST_PASS), and labels the artifact with that tag.
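An added example, not part of the Maverix documentation: a pre-check of a planned status-to-tag mapping, run per repository, that reports statuses left unmapped and any tag that would label both a successful scan and a bypassed or failed one. The dictionary layout, the repository name and all tag names other than QG_SAST_PASS are assumptions made for illustration.

```python
# Added example. The dict layout, repository name and every tag except
# QG_SAST_PASS are constructed for illustration.
from collections import defaultdict

ALL_STATUSES = [f"{p}_{o}" for p in ("SAST", "DAST", "SCA")
                for o in ("BYPASSED", "FAILED", "SUCCESSFUL")]

SAMPLE = {
    "releases-repo": {
        "SAST_SUCCESSFUL": "QG_SAST_PASS",
        "SAST_FAILED": "QG_SAST_FAIL",
        "SAST_BYPASSED": "QG_SAST_PASS",  # defect: a bypass is tagged as a pass
        "DAST_SUCCESSFUL": "QG_DAST_PASS",
        "DAST_FAILED": "QG_DAST_FAIL",
        "DAST_BYPASSED": "QG_DAST_BYPASS",
        "SCA_SUCCESSFUL": "QG_SCA_PASS",
        "SCA_FAILED": "QG_SCA_FAIL",
        # SCA_BYPASSED is deliberately left unmapped
    }
}


def audit_mapping(mapping):
    """Return sorted findings for one repository's status -> tag mapping."""
    findings = [f"unmapped status: {s}" for s in ALL_STATUSES if not mapping.get(s)]
    findings += [f"unknown status: {s}" for s in mapping if s not in ALL_STATUSES]
    by_tag = defaultdict(set)  # tag -> statuses that would receive it
    for status, tag in mapping.items():
        if tag and status in ALL_STATUSES:
            by_tag[tag].add(status)
    for tag, statuses in by_tag.items():
        outcomes = {s.split("_", 1)[1] for s in statuses}
        if "SUCCESSFUL" in outcomes and len(outcomes) > 1:
            findings.append(f"tag {tag} covers passed and non-passed scans: "
                            f"{sorted(statuses)}")
        elif len(statuses) > 1:
            findings.append(f"tag {tag} is shared by {sorted(statuses)}")
    return sorted(findings)


def audit_all(config):
    """Audit every repository separately, as the mapping is per repository."""
    return {repo: audit_mapping(m) for repo, m in config.items()}


if __name__ == "__main__":
    for repo, findings in audit_all(SAMPLE).items():
        for finding in findings:
            print(f"{repo}: {finding}")
```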