Configure Code Repository Settings

Overview

After integrating your code repositories, you can configure how Bridgecrew scans your code and interacts with your VCS. This includes:

Code Repository Configuration Settings

To configure Bridgecrew handling of Code Repositories, go to Settings and then Code Repository Settings.

Page Structure

  • The page is divided into different configuration sections. The first section is "Exclude Paths".
  • Each section is a set of configuration rules that are applied to different groups of repositories.
  • You can configure multiple repositories in a single rule. However, repositories can only be placed in one rule at a time. In order to create a new rule for that policy, you must remove it from its current rule first, then click "Add rule" and include the desired repositories.
  • After making changes in any section click "SAVE".
  • Hover over a rule and click the trash icon to delete it.

📘

Default rules

The first rule in every section is configured as the default rule. Every new repository that is added to Bridgecrew's integrations, is automatically added to the first rule.

Exclude Files from Scan

After integrating code repositories, Bridgecrew Cloud scans all the files in the selected repositories.
You can set paths/files (comma separated) to be excluded from scans using regular expressions. Then select the repositories that you want to exclude the paths/files from.

Examples

If you enter test under Exclude Paths, the files in any path that include the word "test" will not be scanned.
To narrow an exclusion using a specific context such as /test/, but include paths such as _unitest, use \/test\/.

📘

Tips

Try this cheat sheet for help in writing regex.

Enable and Configure Code Reviews

When Code Reviews are enabled, Bridgecrew checks code changes for every new PR in the selected repositories, displays errors, and offers an option to quickly fix or suppress them.

Code Review actions you can perform include:

  • Enabling or disabling code reviews
  • Select the repositories to scan
  • Set a soft fail based on the returned severity level
  • Exclude specific policies from soft failing

Enable and Configure Pull Request Bot Comments

When Bridgecrew’s bot is enabled in a Code Repository, it will add comments for errors detected in a PR’s code changes.

Actions you can perform include:

  • Enable/disable Pull Request Bot Comments
  • Select repositories
  • Add Pull Request Bot Comments based on the returned severity level
  • Exclude specific policies from Pull Request Bot Comments

Did this page help you?