
This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Feb 19, 2018 — DevOps Expert

Integrate Compliance and Quality into Your DevOps Pipeline


Continuous Delivery is about enabling your organization to bring new features to production, one by one, quickly and reliably. To do so effectively while maintaining a high level of quality, you have to embed code analysis in the CD pipeline. Making code analysis an integral part of your Continuous Delivery process strengthens the test automation section of your CD pipeline and ensures that release managers have an accurate view of the risks the code may introduce.

Embedded code analysis is also crucial for meeting the compliance requirements that are important for your organization. Code can be analyzed for security, open source licensing, adherence to coding standards, and various other quality metrics. When code analysis is baked into the software release process, you can be confident that the evidence you need for auditing purposes is collected and recorded automatically.

With XL Release 7.6, you can see risk and quality metrics in the dashboard for every release. In addition, you can add code analysis tasks to the release pipeline through integrations with third-party products and configure the tasks to fail if the code does not meet quality thresholds. XL Release 7.6 adds the following integrations:

Black Duck

Black Duck is a trusted tool for securing and managing open source software in applications and containers. Integration with Black Duck makes it easy to verify, as a standard step in your templates and releases, that the open source software you use in your applications and containers is secure.

Using XL Release and Black Duck allows you to embed code risk analysis in your Continuous Delivery pipelines. You can automatically check code against various types of risk, such as license, security, and operational risks. The Black Duck plugin allows you to add Check Compliance tasks to templates and releases and configure them with a threshold for various risks to indicate severity. You can also add a Black Duck risk profile tile to release dashboards and configure it to show risk metrics for a given project in a graphical way, so you can assess code risk in real time at a glance.

Fortify Software Security Center (SSC)

Fortify Software Security Center provides centralized management of application security testing. Security teams use SSC to review and manage security testing activities, prioritize remediation efforts based on risk potential, measure improvements, and generate cross-portfolio management reports.

XL Release and Fortify SSC can evaluate code against the security metrics that are most important for your organization. The Fortify SSC plugin allows you to add Check Compliance tasks to templates and releases and configure them with the minimum rating required for the release, according to the Fortify Five Star Assessment Rating. You can also add a Fortify SSC Summary tile to release dashboards and configure it to show security metrics for a given project.


SonarQube

SonarQube is an open source platform for continuous inspection of code quality. Teams use it to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in application source code.

Using XL Release and SonarQube to integrate code analysis into your Continuous Delivery pipelines strengthens test automation and ensures that code adheres to your organization’s coding standards. The SonarQube plugin allows you to add Check Compliance tasks to templates and releases and configure them with SonarQube quality gates. You can also add a SonarQube summary tile to release dashboards and configure it to show code quality metrics for a given project.

The Result: Better Software for All

Integrating compliance and quality into your DevOps pipeline is crucial for any organization to deliver quality software consistently, and XL Release can help you achieve just that with ease.
