Stop deployments when instance scan shows error

Dan Covic2
Tera Contributor

Hi,

I’d like to confirm whether it’s possible to halt or cancel a deployment—submitted via App Engine Studio and processed through the AEMC pipeline—when an instance scan in TST returns an error.

Here’s what I’ve done so far:
- Created a record producer (DAN's IT Services Record Producer) within a new test scoped app (DC - test app).
- Developed a scan check (Table Check "Description" Check Producer Has Description) within the OOTB Scoped App Definitions Check Suite, specifically to validate that record producer.
- The scan check is designed to flag any record producer with a blank description.

To test this, I submitted the record producer without a description, and as shown in the attached image (cancel_deployment), the instance scan correctly flagged the issue.

My question:
Should I treat the finding itself (marked in green) as the trigger to stop the deployment, or should I rely on the "has_error" key (marked in red) as the actual indicator for blocking deployment?

Any guidance on how to configure this behavior in the AEMC pipeline would be greatly appreciated.

Best regards,
Dan

2 REPLIES

SANDEEP DUTTA
Tera Patron

Hi @Dan Covic2,

It should be the finding itself (marked in green) as the trigger to stop the deployment.

Thanks,
Sandeep Dutta

Please mark the answer correct & helpful if I could help you.

Dan Covic2
Tera Contributor

Hi @SANDEEP DUTTA, apologies for the delayed response.

Your explanation makes sense. However, I’d like to clarify a few things:

  • How can we configure the 'Scoped App Definitions' Check Suite so that a specific finding (marked in green) acts as a trigger to stop the deployment?

  • Alternatively, should we configure the deployment pipeline workflow to halt the deployment whenever any scan returns a finding?

  • Or is it necessary to configure the scan results so that if a scan fails (i.e., the status is marked as "failed"), the deployment is automatically stopped?