Do you perform nightly builds with automated regression and security tests to quickly detect problems with recent builds?

ID

esf_s3c_dev/night_builds

Severity

low

Category

Levels

Optional

false

Tags

security, supply-chain, testing

Rationale

To protect the integrity and quality of the development process, nightly builds should be performed that include automated (and, where needed, manual) security and regression tests. Test cases should be defined during the design of the software and extended during coding so that every area of functionality is exercised with both expected ("good") inputs and malformed or adversarial ("bad") inputs. With this in place, any flaw or unexpected change, whether malicious or inadvertent, surfaces within a day of being introduced and can be addressed before it propagates further down the supply chain.

Verification

The check looks for a scheduled pipeline whose trigger fires at a fixed hour (a cron-style schedule falling within a given hour range) and which runs a build or compile command.

Note that other checks verify that security tools of specific types (SAST, secret scanning, dependency analysis, and so on) are actually executed in the pipelines; this check only establishes that a scheduled build exists.

Remediation

It is standard practice to define a nightly build process that compiles and tests the software every day and, where possible, runs security analyses to identify known vulnerabilities, leaked secrets, misconfigurations in the build or deployment tooling, and potential code tampering. Pin the schedule to a fixed hour, run it on the default branch, and treat a failed nightly run as a blocking signal rather than a notification that can be ignored.
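The following is an added example, not part of the original check or of any project's tooling, showing how the verification and the remediation above can be made concrete: it inspects a parsed CI workflow (a constructed Python dict that mirrors a GitHub Actions `.github/workflows/nightly.yml`) and reports whether a cron trigger fires exactly once per night and whether any job step runs a build or compile command. The list of build-command patterns, the night-hour window and the workflow contents are assumptions chosen for illustration; adjust them to the tool chain and time zone in use (GitHub Actions evaluates cron in UTC).

```python
"""Check a parsed CI workflow for a nightly scheduled build (added example)."""
import re
from dataclasses import dataclass, field

# Assumed set of commands that indicate a build/compile step; extend for your tool chain.
BUILD_CMD = re.compile(
    r"\b(make|cmake --build|mvn|gradle|gradlew|go build|cargo build|dotnet build|"
    r"npm run build|yarn build|pnpm build|tsc|gcc|clang|msbuild)\b"
)


@dataclass
class CheckResult:
    nightly_schedule: bool
    build_step: bool
    reasons: list = field(default_factory=list)

    @property
    def passed(self) -> bool:
        return self.nightly_schedule and self.build_step


def cron_is_nightly(expr: str, night_hours=range(0, 6)) -> bool:
    """True if a 5-field cron expression fires exactly once per day at a fixed
    minute and hour inside night_hours. Steps, ranges and lists in the minute or
    hour field are rejected because they fire more than once a day; a fixed
    day-of-week or day-of-month is rejected because that is weekly/monthly."""
    parts = expr.split()
    if len(parts) != 5:
        return False
    minute, hour, dom, month, dow = parts
    if not (minute.isdigit() and hour.isdigit()):
        return False
    if (dom, month, dow) != ("*", "*", "*"):
        return False
    return 0 <= int(minute) <= 59 and int(hour) in night_hours


def check_workflow(workflow: dict, night_hours=range(0, 6)) -> CheckResult:
    """Evaluate one parsed workflow document for a nightly build schedule."""
    result = CheckResult(nightly_schedule=False, build_step=False)
    # YAML 1.1 loaders (e.g. PyYAML) turn the bare key `on` into the boolean True,
    # so accept both spellings of the trigger block.
    triggers = workflow.get("on", workflow.get(True, {}))
    schedules = triggers.get("schedule", []) if isinstance(triggers, dict) else []
    for entry in schedules:
        cron = entry.get("cron", "")
        if cron_is_nightly(cron, night_hours):
            result.nightly_schedule = True
            result.reasons.append(f"nightly schedule found: {cron!r}")
    if not result.nightly_schedule:
        result.reasons.append("no cron schedule fires exactly once per night")

    for job_name, job in workflow.get("jobs", {}).items():
        for step in job.get("steps", []):
            cmd = step.get("run", "")
            if BUILD_CMD.search(cmd):
                result.build_step = True
                result.reasons.append(f"build step in job {job_name!r}: {cmd.strip()!r}")
    if not result.build_step:
        result.reasons.append("no step runs a build or compile command")
    return result


# Constructed sample: what a compliant nightly workflow looks like once parsed.
NIGHTLY_WORKFLOW = {
    "name": "nightly",
    "on": {"schedule": [{"cron": "30 2 * * *"}], "workflow_dispatch": {}},
    "jobs": {
        "build-and-test": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4"},
                {"run": "./gradlew build"},
                {"run": "./gradlew test"},
            ],
        }
    },
}

# Constructed sample: scheduled, but every 15 minutes and with no build step.
LINT_ONLY_WORKFLOW = {
    "on": {"schedule": [{"cron": "*/15 * * * *"}]},
    "jobs": {"lint": {"steps": [{"run": "ruff check ."}]}},
}

if __name__ == "__main__":
    for name, wf in (("nightly", NIGHTLY_WORKFLOW), ("lint-only", LINT_ONLY_WORKFLOW)):
        r = check_workflow(wf)
        print(name, "PASS" if r.passed else "FAIL", "; ".join(r.reasons))
```

The schedule test is deliberately strict: a workflow triggered only on `push`, or by a cron that fires every few minutes, does not count, because the point of the control is a predictable once-a-day build of the whole tree. Detecting which security tools run in those steps is left to the separate checks the Verification section refers to.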