Scanning a repository with different services
Learn how to scan a repository using different services.
Debricked can handle “multiple services” in the same repository. It is common to have monorepositories with different deployments/microservices/etc. in them, but they should be logically separated in the Debricked UI. This is easy to do through the CLI. Have a look at this repository to learn how:
https://github.com/Debricked-Community/debricked-split-repo
This is how the base action looks. Debricked suggests splitting this into two separate actions to get a better overview of which service triggers which rules, and potentially to run the scans only on changes in each service:
name: Debricked scan
on: [push]
jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Debricked CLI
        run: |
          curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
          ./debricked --version
      # Here I make two separate scans with debricked in different parts of the repo
      # This will create two separate repos in the debricked tool, and can be managed
      # with different policies etc.
      # You can also split these out to two separate actions to make the results easier to consume visually.
      - name: Run Scan
        run: |
          ./debricked scan api/ -r api-service -c "$(git rev-parse HEAD)" -t "$DEBRICKED_TOKEN"
          ./debricked scan web/ -r web-service -c "$(git rev-parse HEAD)" -t "$DEBRICKED_TOKEN"
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
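One way to do the split suggested above, as an added example that is not from the Debricked documentation or repository: two workflow files, each triggered only by pushes that touch its own service directory. The workflow file names, the `paths` filters and the read-only `permissions` block are assumptions; the CLI invocation is the one from the base action.

```yaml
# File 1: .github/workflows/debricked-api.yml (file name is an assumption)
name: Debricked scan (api-service)
on:
  push:
    paths:
      - "api/**"
      - ".github/workflows/debricked-api.yml"  # re-scan when this workflow changes
permissions:
  contents: read  # the job only needs to read the checkout
jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Debricked CLI
        run: |
          curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
          ./debricked --version
      - name: Run Scan
        run: ./debricked scan api/ -r api-service -c "$(git rev-parse HEAD)" -t "$DEBRICKED_TOKEN"
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
---
# File 2: .github/workflows/debricked-web.yml (file name is an assumption)
name: Debricked scan (web-service)
on:
  push:
    paths:
      - "web/**"
      - ".github/workflows/debricked-web.yml"  # re-scan when this workflow changes
permissions:
  contents: read  # the job only needs to read the checkout
jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Debricked CLI
        run: |
          curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
          ./debricked --version
      - name: Run Scan
        run: ./debricked scan web/ -r web-service -c "$(git rev-parse HEAD)" -t "$DEBRICKED_TOKEN"
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
```

Path filters skip a scan when a push only changes files outside the listed paths, so any shared manifest or lock file location that a service depends on should be added to that service's `paths` list.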