Security Check
This page explains how to customize the Software Composition Analysis (SCA) for the application or microservice.
This job evaluate the security of your software detecting vulnerabilities from operating systems and programming languages.
Supported Packages:
Our scanning capabilities extend to a wide array of major operating system packages, including but not limited to:
- Alpine
- Amazon Linux
- BusyBox
- CentOS
- Debian
- Distroless
- Oracle Linux
- Red Hat (RHEL)
- Ubuntu
Furthermore, our tool adeptly identifies vulnerabilities within language-specific packages, covering a diverse range of ecosystems:
- Ruby (Gems)
- Java (JAR, WAR, EAR, JPI, HPI)
- JavaScript (NPM, Yarn)
- Python (Egg, Wheel, Poetry, requirements.txt/setup.py files)
- Dotnet (deps.json)
- Golang (go.mod)
- PHP (Composer)
- Rust (Cargo)
- GitHub Actions
- GitLab CI
- Azure DevOps
- Bitbucket Pipelines
1. In the main branch you will edit the YAML file named .github/workflows/github-ci.yaml
2. In the github-ci.yaml file search for the Features section, you will find it like this:
## Features -------------------------------------------------------------------------------------#
3. Bellow the section title, add the following configuration and change the values as you need:
# SCA check
security_check_enabled: 'true'
security_check_blocker: 'false'
# SCA check | Customizations
# To use upload SCA report in manifest repository set this to 'true'
security_check_report_upload: 'true'
# Specify a output format to report:
# json | table | cyclonedx | sarif | embedded-cyclonedx-vex-json | embedded-cyclonedx-vex-xml
security_check_report_format: 'table'
4. Commit and enjoy! ✨
1. In the main branch you will edit the YAML file named .gitlab-ci.yml
2. In the .gitlab-ci.yml file search for the Features section, you will find it like this:
## Features -------------------------------------------------------------------------------------#
3. Bellow the section title, add the following configuration and change the values as you need:
# SCA check
security_check_enabled: 'true'
security_check_blocker: 'false'
# SCA check | Customizations
# To use upload SCA report in manifest repository set this to 'true'
security_check_report_upload: 'true'
# Specify a output format to report:
# json | table | cyclonedx | sarif | embedded-cyclonedx-vex-json | embedded-cyclonedx-vex-xml
security_check_report_format: 'table'
4. Commit and enjoy! ✨
1. In your Azure Repo's main branch you will edit the YAML file named azdevops-ci.yml
2. In the azdevops-ci.yml file search for the Features section, you will find it like this:
## Features -------------------------------------------------------------------------------------#
3. Bellow the section title, add the following configuration and change the values as you need:
# SCA check
- name: security_check_enabled
value: 'true'
- name: security_check_blocker
value: 'false'
# SCA check | Customizations
# To use upload SCA report in manifest repository set this to 'true'
- name: security_check_report_upload
value: 'true'
# Specify a output format to report:
# json | table | cyclonedx | sarif | embedded-cyclonedx-vex-json | embedded-cyclonedx-vex-xml
- name: security_check_report_format
value: 'table'
4. Commit and enjoy! ✨
1. In the main branch you will edit the YAML file named .bitbucket/envs.yaml
2. In the .bitbucket/envs.yaml file search for the Features section, you will find it like this:
## Features -------------------------------------------------------------------------------------#
3. Bellow the section title, add the following configuration and change the values as you need:
# SCA check
security_check_enabled='true'
security_check_blocker='false'
# SCA check | Customizations
# To use upload SCA report in manifest repository set this to 'true'
security_check_report_upload='true'
# Specify a output format to report:
# json | table | cyclonedx | sarif | embedded-cyclonedx-vex-json | embedded-cyclonedx-vex-xml
security_check_report_format='table'
4. Commit and enjoy! ✨
Our Security Check job evaluates container images, ensuring their integrity and fortifying the security of containerized OCI images. Using the most advanced open source tools, this scan delivers a comprehensive vulnerability assessment and package analysis, making it an indispensable resource for DevOps teams and containerized application deployments.
Key Features:
- Vulnerability Scanning: Employing advanced techniques, our scan rigorously detects vulnerabilities within container images. It meticulously sifts through a broad spectrum of vulnerability databases and sources to furnish a thorough security analysis.
- Package Analysis: In addition to vulnerability scanning, our scan conducts exhaustive analyses of package dependencies within container images. This functionality illuminates the composition of images, pinpointing potential security risks associated with specific packages.
- Reporting and Remediation: The scan furnishes detailed reports, meticulously documenting identified vulnerabilities along with their corresponding CVEs and package information. Moreover, it offers the flexibility to customize output formats, facilitating seamless integration with other security systems.
With our comprehensive scanning capabilities and robust support for diverse packages, we empower organizations to bolster the security posture of their containerized environments effectively.