Development Pipelines 👩🏻‍💻

The Development Pipeline screen provides a centralized view of an organization’s repositories and latest scans, making it easy to review, prioritize, and manage identified misconfigurations and vulnerabilities.

The Development Pipeline screen includes tabs for Projects and Code Reviews. Each tab displays a graph designed to help users visualize their high-priority repositories and code reviews along with a sortable list of objects to review.

Projects tab

The Projects tab displays integrated version control system (VCS) repositories in a list. By default, repos are sorted in descending order with the highest number of failed open pull/merge requests (PRs/MRs) displayed first. The Projects graph shows open PRs/MRs, broken down by failed and passed. Scan statuses are assigned to scan items based on previously enabled Enforcement rules, which users can set directly from this view for all or specific repos.

Users can better prioritize which repositories are most important or need immediate attention by searching and sorting repositories by:

  • Weekly commits: The number of merged weekly commits and how much that number has increased or decreased over the previous period.
  • Git users: The number of Git users who contributed code that was merged to the repository’s default branch.
  • Failed open PRs / MRs: The number of failed open pull/merge requests out of the total number of open pull/merge requests.
  • Pending Fix PRs / MRs: The number of fix merge/pull requests opened by Bridgecrew that are still pending.
  • Latest PR / MR scan time: The date and time the most recent pull/merge request was scanned by Bridgecrew.

To drill down or take action on open PRs/MRs, users can:

  • Review fix PRs in VCS: This will take you to your open fix pull requests (in GitHub only) if there are any for that repo.
  • Open the latest scan item: This will take you to the latest Bridgecrew scan for that repo.
  • Open failed PR scans in VCS: This will take you to a list of your failed pull requests (in GitHub only) that are open for that repo.

Development Pipelines - Projects tab with available actions displayed

Code Reviews tab

Replacing the previous Code Reviews screen, our new Code Reviews tab displays the latest 1,000 scan items across all integrations along with a visual representation of scans by status—failed, passed, or suppressed. By default, the latest scans are listed at the top of the list.

Users can better prioritize which scans need immediate attention by searching and sorting scan items by:

  • Git user: The username of the Git user that committed the code that was scanned.
  • Scan failed issues: The number of misconfigurations flagged with a visual identifier of the highest severity identified. Selecting the value will provide a breakdown of misconfigurations by severity.
  • Scan status: Whether the scan passed or failed based on Enforcement rules. Selecting the value will provide details on the Enforcement rules that resulted in the failed or passed status.

To drill down or take action on open failed scans, users can:

  • View scan results: This will take you to the Bridgecrew scan in question to view diffs and misconfigurations one by one. You’ll also be able to suppress, fix, or create Jira tickets for them.
  • View scan results in VCS: This will take you to the commit in the VCS that triggered the scan.

Development Pipelines - Code Reviews tab with Scan failed issues and Enforcement rules displayed

With these two tabs, users will get a comprehensive view of the health of their organization’s VCS repositories and recent code reviews across all their VCS and CI/CD integrations.