Scanning a repository with different services

Learn how to scan a repository using different services.

Debricked can handle “multiple services” in the same repository. It is common to have monorepositories with different deployments/microservices/etc. in them, but they should be logically separated in the Debricked UI. This is easy to do through the CLI. Have a look at this repository to learn how:

https://github.com/Debricked-Community/debricked-split-repo

This is how the base action looks. Debricked suggests splitting this into two separate actions to get a better overview of what service triggers what rules, and potentially only run the scans on changes in each service:

https://github.com/Debricked-Community/debricked-split-repo/blob/main/.github/workflows/debricked.yml

name: Debricked scan

on: [push]

jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - name: Install Debricked CLI
        run: |
          curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
          ./debricked --version

      # Here I make two separate scans with debricked in different parts of the repo
      # This will create two separate repos in the debricked tool, and can be managed
      # with different policies etc. 
      # You can also split these out to two separate actions to make the results easier to consume visually. 
      - name: Run Scan
        run: |
          run: |
          ./debricked scan api/ -r api-service -c $(git rev-parse HEAD) -t $DEBRICKED_TOKEN
          ./debricked scan web/ -r web-service -c $(git rev-parse HEAD) -t $DEBRICKED_TOKEN
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

Last updated 4 months ago

Was this helpful?