Policy Modes

In scenarios where you do not want your CI/CD tool to deploy cloud resources if Tenable Cloud Security detects violations in your IaC, the Tenable Cloud Security CLI provides special status codes based on the policy modes.

You can then configure your CI/CD pipeline to catch these codes and decide whether to fail the build.
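As an added example (not Tenable's own code), a POSIX shell gate that a pipeline step could use to act on the status codes this page describes for the Monitor and Enforce modes. The scan command is passed in as arguments because this page does not show the CLI invocation; treating any status other than 0 or 1 as a scanner error that blocks the deploy is an assumption of the example.

```shell
#!/bin/sh
# Added example, not Tenable code: decide whether a pipeline may deploy
# based on the exit status of the IaC scan command.

# iac_gate CMD [ARGS...]
#   returns 0  scan exited 0: deploy may proceed
#   returns 1  scan exited 1 (violation under an Enforce policy): block deploy
#   returns 2  anything else (assumption: scanner error): block deploy, fail closed
iac_gate() {
    if [ "$#" -eq 0 ]; then
        echo "iac_gate: no scan command given" >&2
        return 2
    fi
    # Run the scan as an `if` condition so `set -e` in the CI shell does not
    # abort the script before the status can be inspected.
    if "$@"; then
        status=0
    else
        status=$?
    fi
    case "$status" in
        0)
            # In Monitor mode 0 is returned even when violations exist,
            # so a 0 here is not proof of a clean scan; review the output.
            echo "scan status 0: deploy allowed" >&2
            return 0 ;;
        1)
            echo "scan status 1: Enforce-mode violation, deploy blocked" >&2
            return 1 ;;
        *)
            echo "scan status $status: unexpected, deploy blocked" >&2
            return 2 ;;
    esac
}

# Constructed stand-ins for the real scan command, which this page does not show.
iac_gate true && echo "deploy step would run"
iac_gate sh -c 'exit 1' || echo "deploy step skipped"
```

In a pipeline, replace the stand-in commands with the actual scan invocation and run the deploy step only when `iac_gate` returns 0.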

Monitor

This is the default mode. Tenable Cloud Security CLI always responds with the status 0 (Success), even if it detects violations in your IaC.

Tenable Cloud Security CLI output for a policy in the Monitor mode:

Enforce

In the Enforce policy mode, if Tenable Cloud Security CLI detects any violation in your IaC, it responds with exit status 1 (Failure).

Tenable Cloud Security CLI output for a policy in the Enforce mode: