toc:true

Codefresh is a Continuous Integration/Delivery solution. This article reviews main concepts around CI, and how Codefresh supports and implements them.

For a review of CD concepts, see[Codefresh for CD]({{site.baseurl}}docs/getting-started/cd-codefresh/).

The only requirement is that you either use an existing Docker image as a step in your pipeline or create your own with the exact versions of tools that you need.

You can find several Docker images for all popular programming languages or you can create your own if you use an exotic programming language.

Building a Docker image from the source code is probably the most common and basic requirement for a CI pipeline. In Codefresh, you can build, push, and promote Docker images, using declarative YAML and credentials that are defined once and stored centrally for reuse.

**Build and push image**

Compared to unit tests that run on the source code, integration tests run on the application itself. You need to either launch the application itself, or one or more external services such as a database.

In Codefresh, you can launch these sidecar containers within the pipeline through compositions and service containers.

See[Run integration tests example]({{site.baseurl}}/docs/example-catalog/ci-examples/run-integrations-tests/).

Good quality code is central to any CI platform or tool. Codefresh integrates with the top code quality platforms/tools in the market to track code coverage, inspect code quality, and generate code-coverage analysis reports.

Implement code quality coverage in Codefresh pipelines through these steps:

Linting and validation tools which perform static analysis on source code or other resources are also integral parts of pipelines. Codefresh pipelines can use any linter tool that is bundled with a Docker image. Codefresh can also validate files that are not source-code, such as markup-language files (XML/YAML/JSON), and infrastructure files (Terraform, or Kubernetes resource files).

Linting and validation tools which perform static analysis on source code or other resources are also integral parts of pipelines. Codefresh pipelines can use any linter tool that is bundled with a Docker image.

Codefresh can also validate files that are not source-code, such as markup-language files (XML/YAML/JSON), and infrastructure files (Terraform, or Kubernetes resource files).

As most static analysis tools are CLI-based, they can be easily used in a Codefresh pipeline.

**Security scan platforms**

Codefresh can integrate with any security scanning platform that scans source code or Docker images for vulnerabilities. We already have ready-to-use Docker images for several security platforms such as Anchore, Aqua Security, Clair, Twistlock and WhiteSource. For the full list, visit our[Plug-ins library](https://codefresh.io/steps/){:target="\_blank"}.

**Scantiming in pipeline step**

**Scanat any point**

The security scan is implemented through a`freestyle` step, inserted anywhere in the pipeline. The fact that you can insert the step anywhere in the pipeline allows you to control when the scan is executed, for example, before the source code is packaged in a container, or before the container is stored in a registry or deployed to production, or any combination of the two.

**View scan results**

As with any scan, the final step is viewing the scan results. Attaching analysis reports to the pipeline build makes the scan results available in Codefresh release dashboards (Test Report button).

As with any scan, the final step is viewing the scan results. Attaching analysis reports to the pipeline build makes the scan results available in Codefresh release dashboards.

**Security annotations**

Correlate the Docker images in Codefresh with the results of the security scanning platform by adding annotations for custom metadata. For example, you can add annotations such as the number of issues or the URL of the full report.

**Jira notifications**

Codefresh integrates with Jira in several ways:

The standard integration provides the highest visibility into your GitOps deployments. Referencing the integration in your pipeline pulls in all the Jira information and enriches the image with the issue-tracking information.

Our versatile[Jira Issue Manager](https://codefresh.io/steps/step/jira-issue-manager){:target="\_blank"} step can be used to create Jira issues, comment on existing Jira issues, change the status of an issue, and even add a description to your issue.