TABLE OF CONTENTS
The Code Repositories page displays all the code repositories from different Source Code Management (SCM) tools that have been registered with Aqua from the Integrations page. This page also displays the predefined checks that have been used to scan the repositories in the Checks tab.
In the Supply Chain Security module, from the left menu, when you select Code Repositories, you will see the Code Repositories page as shown below.
The screen is organized into two tabs: Repositories and Checks.
This tab shows all the code repositories that have been integrated with Aqua and security findings detected in these repositories after scanning them.
From this tab, you can:
- View details of the repository such as its system (SCM tool), compliance status after applying all the predefined checks provided by Aqua, and the last scanned details
- Obtain a summary of the security findings detected in each repository: presence of vulnerabilities, misconfigurations, and sensitive data such as passwords or tokens
- Sort the repositories according to the severity of the vulnerabilities detected, at the top of the page
- View scan detailed view on clicking a repository. Refer to Code Repository Scan Detailed View for more information.
- Add a new code repository from the already integrated SCM tools. For more information, refer to Add a new repository below.
The following controls appear at the right middle of the page:
- Search: the repository by its name
- Filter: the repositories by system (SCM tool), compliance status with the applicable Build Assurance Policies, type of security findings detected, and the last build time of the code in the repository
- Remove: select one or more repositories from the list and click this button to remove them from Aqua
- Export: to export the list of repositories with full details in a csv file
Add a new repository
After an SCM tool is integrated, you can add any number of code repositories in the SCM tool to Aqua, from the Code Repositories page. You can add a new repository either through the Automatic (SCM) or Manual (CI) method.
When a repository is added through the Automatic (SCM) method, Aqua checks every minute if there are any builds on the added repositories after their last scan. If there are any builds, Aqua triggers scanning the repository again to detect security findings in the latest build process.
To add a new repository through the Automatic (SCM) method:
- Click Add New Repository.
- In the Add New Repository dialog, select the Automatic (SCM) tab.
- From the Provider dropdown, select the already integrated SCM tool.
- In the repository search box, search for a repository with its name.
- After selecting the required repository, click Done.
To add a new repository through the Manual (CI) method:
- In the Add New Repository dialog, select Manual (CI).
- From the build system type dropdown, select the already integrated system.
- Perform actions by referring to the Code Repository Integrations document > Manual - integrate a code repository section.
This page shows all the predefined checks which detect security issues in all the repositories. On clicking any check, all the non-compliant repositories with the highest detected severity are displayed. If you click the repository name from the list, you will be navigated to the specific repository scan detailed view.
You can search any check with its ID and filter the checks by:
- Policy Severity: Shows all the failed checks on the repositories which have vulnerabilities with the selected severity.
- Repository name: shows all the failed checks on the entered repository.
- Provider Service: Enter the provider in service on which your code repositories are hosted. For example: S3 from AWS. This filter helps with filtering checks which were designed for the provider on which your repositories are hosted.
Did you find it helpful?Send feedback