Skip to main content Skip to section navigation
U.S. flag

An official website of the United States government

External Tools and Resources

An outline of external tools and resources customer could leverage outside of the Pages platform to improve site accessibility, user experience, and security posture. Pages sites’ source code is managed via Git version control and hosted on GitHub. The combination of these source code management tools allows Pages customers to leverage open source tools, third-party services, and other resources outside of the Pages platform to improve their development workflow, user experience, and security posture. This will outline different areas of interest with possible resources for customers to research in-depth based on their current priorities, resources, skill sets, and constraints. This is not an endorsement of any single resource or tool so this outline will change with the landscape and it is only a small sample of possible tools and resources.

Continuous integration and deployment

Continuous integration and deployment (CI/CD) refers to the use of automated workflows to build, test, and deploy code. Implementing these automated workflows improves consistency in the development process and adds confidence when deploying updates to the system. CI/CD can be leveraged by Pages customers to automatically run checks against any update to the site source code and protect the production site from errors or security vulnerabilities that could be introduced from an update to the site. The following are some of the CI/CD platforms that could potentially be used in conjunction with your Pages site:

The above is just a small list of CI/CD platforms that a customer could use to automate their development and deployment workflows.

Branch protections

Branch protections in a GitHub repository allow Pages customers to add additional security measures to make sure the site’s production source code is updated through a well defined process and protects it from errors or security vulnerabilities. Customers can define branch protection rules to designate user approval or require passing status checks before merging into the production source code’s branch. Status Checks are the automated workflows run by your CI/CD platform whenever a branch is added or updated. Customers can leverage external tools, resources and services through these automated workflows and protect site source code through the status checks associated with them.

Automated workflows

The automated workflows in a site’s CI/CD system enable Pages customers to leverage external tools, resources, and services. The following sections will outline some possibilities customers may choose to explore.

Scanning tools

Source code and live site scanning are required to obtain an Authorization to Operate (ATO) a federal information system like a Pages site. Being able to incorporate these tools into the CI/CD process will provide the best outcomes for customer sites. The following is a list of possible scanning tools:

Static Code Analysis

These tools run before a site update is deployed to production and look at the site’s source code to identify vulnerabilities or suggest best practices.

Live site scanning

These tools run after a preview or production update is deployed to the site. They check the live site to identify vulnerabilities.


These tools run against the site to make it more accessible and improve the user experience for all. They help Pages customers improve their Section 508 compliance posture on their sites.

These tools do detailed scans of an individual page, and can be run from a web browser extension or bookmarklet:


Here are some additional tools customers could add to improve their site.

  • Lychee to identify any links on the site that are no longer valid.
  • ESLint to identify problems with the javascript syntax.
  • CSpell to run spell check against the site.

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?