docs/organizations/managing-security-and-risk.md
8 additions & 8 deletions
@@ -522,7 +522,7 @@ Security and risk management supports checking the languages and infrastructure-
522
522
The dependency tab is a business-tier feature. If you are a Codacy Pro customer interested in upgrading to gain access to this feature, contact our customer success team.
523
523
524
524
525
-
The **Security and risk management dependencies** page displays a unified view of all dependencies used by your repositories.
525
+
The **Security and Risk Management Dependencies** page displays a unified view of all dependencies used by your repositories.
526
526
527
527
To access the dependencies page, access the [overview page](#dashboard) and click the **Dependencies** tab.
528
528
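Review bot: The title-cased page name on new line 525, "Security and Risk Management Dependencies", no longer matches the sentence-case "Security and risk management app scanning" that this same commit leaves in place on new line 553. Pick one casing for the bold page names and apply it to both, ideally the one the UI label actually uses.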
@@ -534,7 +534,7 @@ You're also able to click any dependency to find out more information about it.
534
534
535
535

536
536
537
-
The dependency overview page offers a quick birds-eye view of that particular dependency. You'll be able to see all different versions that are being used, including which repository is using them, the oldest and most recent versions you're leveraging, as well as the highest criticality of security issues and the license <ahref="#license-scanning"><sup>6</sup></a> applied to any particular version of that dependency.
537
+
The dependency overview page offers a quick bird's-eye view of that particular dependency. You'll be able to see all different versions that are being used, including which repository is using them, the oldest and most recent versions you're leveraging, as well as the highest criticality of security issues and the license <ahref="#license-scanning"><sup>6</sup></a> applied to any particular version of that dependency.
538
538
539
539
540
540
<sup><spanid="semgrep">1</span></sup>: Semgrep supports additional security rules when signing up for [Semgrep Pro](https://semgrep.dev/pricing/).
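Review bot: New line 537 fixes "bird's-eye" but still reads "all different versions" and packs versions, repositories, oldest and newest versions, issue criticality and license into one sentence. Consider "all the different versions" and splitting the sentence after "the oldest and most recent versions you're leveraging" so the security-criticality and license details stand on their own.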
@@ -550,9 +550,9 @@ You're also able to click any dependency to find out more information about it.
550
550
!!! important
551
551
App scanning is a business feature. If you are a Codacy Pro customer, contact our customer success team to access a short trial.
552
552
553
-
The **Security and risk management app scanning** page allows organizations to scan APIs and Web Applications for security vulnerabilities. This part of our DAST (Dynamic Application Security Testing) capabilities powered by ZAP.
553
+
The **Security and risk management app scanning** page allows organizations to scan APIs and Web Applications for security vulnerabilities. This is part of our DAST (Dynamic Application Security Testing) capabilities, powered by ZAP.
554
554
555
-
To access the app scanning page page, access the [overview page](#dashboard) and click the **App scanning** tab.
555
+
To access the app scanning page, access the [overview page](#dashboard) and click the **App scanning** tab.
556
556
557
557

558
558
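Review bot: New line 555 removes the doubled "page" but keeps "To access the app scanning page, access the [overview page]", which repeats "access" in the same clause. Something like "To open the app scanning page, go to the overview page and click the **App scanning** tab" reads more cleanly. The same pattern appears on the unchanged line 527 if you want to align both.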
@@ -562,10 +562,10 @@ App scanning tests applications in real-world scenarios, making it possible to f
562
562
Already using ZAP? [Upload your results via the API.](../codacy-api/examples/uploading-dast-results.md)
563
563
564
564
### How to scan a target
565
-
To scan a target, you can either: go to the Security and Risk Management dashboard, and access the App Scanning tab, or set it up for automation using our API configuration.
565
+
To scan a target, you can either go to the Security and Risk Management dashboard and access the App Scanning tab, or set it up for automation using our API.
566
566
567
567
!!! important
568
-
Only admins and organization managers will be able to Create new targets and run scans (in app and via the API).
568
+
Only admins and organization managers will be able to create new targets and run scans (both in-app and via the API).
569
569
570
570
571
571
<div>
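Review bot: The role names on new line 568, "admins and organization managers", differ from new line 583, which limits DAST findings to "admin and organization admin roles". If these are meant to be the same roles, use one name in both places. If they really differ, the docs should say explicitly that an organization manager can create targets and run scans but cannot see the resulting findings, since that affects who is expected to triage them.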
@@ -577,9 +577,9 @@ allowfullscreen>
577
577
578
578
From within the tab, you're able to configure a new target by inputting the URL of the app or API you'd like to scan. You can configure up to 6 targets within your organization (if you need more, talk to your customer success representative).
579
579
Scans can be triggered manually via the app or the API. As you click to start a scan, it will be first added to that target's queue and then run. If you've got a new version of the app while running a scan, no problem: just add a new scan to the queue, and it will run immediately after. There are no limits to how many scans an organization can run per target, so this should accommodate all your deployment needs.
580
-
Once a scan is complete, it's findings will be added to the findings tab, where you can review them using the filter **Scan types > DAST/App scanning**.
580
+
Once a scan is complete, its findings will be added to the findings tab, where you can review them using the filter **Scan types > DAST/App scanning**.
581
581
582
582
!!! note
583
-
At the moment, DAST issues are only visible to admin and organization admin roles. We'll be reviewing this issue soon.
583
+
Currently, DAST issues are only visible to admin and organization admin roles. We'll be reviewing this issue soon.
584
584
585
585
Next steps for this release include adding Authentication, which will allow scans to have a wider coverage and better, more meaningful results. If you have any feedback, feel free to share it with us or with your customer success manager.
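Review bot: On new line 583, "We'll be reviewing this issue soon" is ambiguous right after "DAST issues", since "issue" could mean a finding or the visibility restriction. Suggest "We'll be reviewing this limitation soon". Also on new line 580, "the findings tab" is left unformatted while other tab names in the page are bold, for example **App scanning**.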