docs/organizations/managing-security-and-risk.md
16 additions & 13 deletions
@@ -681,11 +681,11 @@ Follow our [roadmap](https://roadmap.codacy.com) for updates on this feature.
681
681
682
682
## Container scanning {: id="container-scanning"}
683
683
684
-
Container Scanning is a technique to scan your container image's dependencies for known vulnerabilities. The **Security and risk management > App scanning** page allows you to setup scans that run automatically every night, and surface actionable security findings as new vulnerabilities get discovered.
684
+
Container Scanning is a technique to scan your container image's dependencies for known vulnerabilities. The **Security and risk management > App scanning** page allows you to set up scans that run automatically every night, and surface actionable security findings as new vulnerabilities get discovered.
685
685
686
-
### How our Container Image Scanning Works
686
+
### How our container image scanning Works
687
687
688
-
The security tool analyzes your upload SBOM (Software Bill of Materials) files to find vulnerabilities in your container images. An SBOM of a container lists all the dependencies included in the image, which in turn allows the scanner to search for known vulnerabilities (CVEs).
688
+
The security tool analyzes your uploaded SBOM (Software Bill of Materials) files to find vulnerabilities in your container images. An SBOM of a container lists all the dependencies included in the image, which in turn allows the scanner to search for known vulnerabilities (CVEs).
689
689
690
690
#### High-level flow
691
691
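Review bot: the heading change at line 686 is only half applied: "How our container image scanning Works" lowercases the middle of the heading but leaves "Works" capitalized, so it is neither title case nor the sentence case used by "## Container scanning" and "#### High-level flow". Suggest "### How our container image scanning works". The "setup" to "set up" and "upload" to "uploaded" fixes at lines 684 and 688 are correct.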
@@ -702,21 +702,23 @@ No manual action is required to trigger scans after the initial setup.
702
702
703
703
### Container scanning setup
704
704
705
-
You can set up container scanning in one of two ways: by connecting your CI/CD pipeline or by importing your container image manually. Once configured, your image dependencies are scanned daily and results will appear in the Image card list.
705
+
You can set up container scanning in one of two ways: by connecting your CI/CD pipeline or by manually uploading your image SBOM. Once configured, your image dependencies are scanned daily and results will appear in the Image card list.
706
706
707
707
#### CI/CD Integration
708
708
You must authenticate the Codacy CLI so your pipeline can securely send your image SBOM to Codacy.
709
709
710
710

711
711
712
712
In order to do that, you need to:
713
-
Get the API token and set up the environment variable as showed in the UI;
714
-
Install and run Codacy CLI in your pipeline to upload results.
713
+
714
+
1. Get the API token and set up the environment variable as shown in the UI;
715
+
2. Install and run Codacy CLI in your pipeline to upload results.
715
716
716
717
When CI/CD is configured:
717
-
Images pushed through your pipeline are automatically detected
718
-
New tags are picked up as they are published
719
-
Scans are scheduled automatically
718
+
719
+
- Images pushed through your pipeline are automatically detected
720
+
- New tags are picked up as they are published
721
+
- Scans are scheduled automatically
720
722
721
723
This is the recommended setup for continuous coverage.
722
724
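Review bot: step 1 at line 714, "Get the API token and set up the environment variable as shown in the UI;", should say how the token is meant to be stored, since this is the credential that authorizes uploads to the organization: a one-liner recommending a masked CI secret/variable rather than a value committed to the pipeline file would prevent the obvious misuse. Two smaller points in the same hunk: the numbered items end with semicolons, which reads oddly for a two-item list (full stops or no terminal punctuation would match the bullets below), and "#### CI/CD Integration" is still title case while the sibling headings edited in this PR are being moved to sentence case. The rewording of line 705 from "importing your container image manually" to "manually uploading your image SBOM" is the right correction, as the tool consumes SBOMs, not image files.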
@@ -725,11 +727,11 @@ You can also manually upload your container's Software Bill of Materials (SBOM)
725
727
726
728

727
729
728
-
In order to do manually upload an image, you need to:
730
+
To manually upload an image SBOM, you need to:
729
731
730
732
1. Add the image name;
731
733
2. Add the image tag;
732
-
3. Upload your container image file(environment and repository fields are optional).
734
+
3. Upload your SBOM file(environment and repository fields are optional).
733
735
!!! note
734
736
You can use the [Codacy CLI v2](https://github.com/codacy/codacy-cli-v2) to generate and upload your SBOM file to Codacy.
735
737
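Review bot: line 734 still has the missing space before the parenthesis, "Upload your SBOM file(environment and repository fields are optional)"; it should read "Upload your SBOM file (environment and repository fields are optional)." Otherwise the change from "container image file" to "SBOM file" here, and "To manually upload an image SBOM" at line 730, are consistent with the setup paragraph edited earlier in this PR.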
@@ -762,7 +764,7 @@ Once a tag is scanned, you can click on the `check findings` link to access the
762
764
763
765
!!! important
764
766
Findings are tied to specific image tags. To resolve a finding, "bump" the tag to a newer version if a fixed version exists (if not, a downgrade or an alternative image may be required).
765
-
For dynamic tags such as latest, Codacy will automatically close findings that are no longer present in the current analysis. If you use static tags, you will need to delete tags that are no longer used, as we have a limit of 1000 tags per organization.
767
+
For dynamic tags such as `latest`, Codacy will automatically close findings that are no longer present in the current analysis. If you use static tags, you will need to delete tags that are no longer used, as we have a limit of 1000 tags per organization.
766
768
767
769
### Deleting container image files from Codacy
768
770
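Review bot: the static-tag sentence at line 767 ("you will need to delete tags that are no longer used, as we have a limit of 1000 tags per organization") would be more useful with a link to the "Deleting container image files from Codacy" section that immediately follows, so readers hitting the limit know where the procedure is. Backticking `latest` is a good change; for consistency, "bump" in the preceding sentence could drop the scare quotes or use the same code formatting.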
@@ -781,6 +783,7 @@ What happens when you delete an image:
781
783
### No Results Yet
782
784
783
785
If there is no last analysis date for an image tag, it means that the SBOM file was received but the scan has not been completed yet. The most likely scenario is that an analysis hasn't been executed yet.
786
+
784
787
!!! note
785
-
Remember that scans run nightly (UTC). If you just uploaded the SBOM file, but need results immediately consider using our [Codacy CLI v2](https://github.com/codacy/codacy-cli-v2) to run a local analysis to scan for any issues.
788
+
Remember that scans run nightly (UTC). If you just uploaded the SBOM file, but need results immediately, consider using our [Codacy CLI v2](https://github.com/codacy/codacy-cli-v2) to run a local analysis to scan for any issues.
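Review bot: the two sentences at line 785 say the same thing twice ("the scan has not been completed yet. The most likely scenario is that an analysis hasn't been executed yet"); suggest collapsing them into one, e.g. "If there is no last analysis date for an image tag, the SBOM file was received but the nightly analysis has not run yet." The blank line added before `!!! note` is needed for the admonition to render, and the comma after "immediately" reads correctly.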