After integrating your code repositories, you can configure how Bridgecrew scans your code and interacts with your VCS. This includes:
- Excluding files from Bridgecrew scans
- Enabling and configuring Code Reviews
- Enabling and configuring Pull Request Bot comments
To configure Bridgecrew handling of Code Repositories, go to Settings and then Code Repository Settings.
- The page is divided into different configuration sections. The first section is "Exclude Paths".
- Each section is a set of configuration rules that are applied to different groups of repositories.
- You can configure multiple repositories in a single rule. However, a repository can belong to only one rule at a time. To place a repository in a new rule, first remove it from its current rule, then click "Add rule" and include the desired repositories.
- After making changes in any section, click "SAVE".
- Hover over a rule and click the trash icon to delete it.
The first rule in every section is configured as the default rule. Every new repository that is added to Bridgecrew's integrations is automatically added to the first rule.
After integrating code repositories, Bridgecrew Cloud scans all the files in the selected repositories.
You can set paths/files (comma separated) to be excluded from scans using regular expressions. Then select the repositories that you want to exclude the paths/files from.
If you enter `test` under Exclude Paths, the files in any path that includes the word "test" will not be scanned.
To narrow an exclusion using a specific context such as
/test/, but include paths such as
Try this cheat sheet for help in writing regex.
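The following is an added example, not Bridgecrew code, for previewing an Exclude Paths value before saving it, so that an over-broad pattern does not silently remove infrastructure files from scanning. It assumes a pattern excludes a path when it matches anywhere in that path (modeled with Python's `re.search`) and that paths are compared with a leading `/`; the sample paths and function names are constructed for illustration.

```python
import re

# Constructed sample of repository paths (not from any real repository).
SAMPLE_PATHS = [
    "terraform/test/fixtures/main.tf",
    "terraform/prod/main.tf",
    "terraform/latest/network.tf",
    "k8s/attestation/deployment.yaml",
    "modules/contest-app/s3.tf",
    "test/helm/values.yaml",
]


def parse_exclusions(field):
    """Split the comma-separated Exclude Paths value into compiled regexes."""
    return [re.compile(p.strip()) for p in field.split(",") if p.strip()]


def excluded_paths(field, paths):
    """Return the paths that at least one exclusion pattern matches.

    Assumption: a pattern excludes a path when it matches anywhere in it
    (re.search), mirroring the "any path that includes the word" behaviour
    described above. A leading "/" is prepended so that "/test/" can also
    match a top-level test directory.
    """
    patterns = parse_exclusions(field)
    return [p for p in paths if any(rx.search("/" + p) for rx in patterns)]


def unintended(field, paths, intended_dir="test"):
    """Excluded paths that have no directory component named intended_dir."""
    return [p for p in excluded_paths(field, paths)
            if intended_dir not in p.split("/")[:-1]]


if __name__ == "__main__":
    for field in ("test", "/test/"):
        print(f"Exclude Paths = {field!r}")
        print("  excluded:  ", excluded_paths(field, SAMPLE_PATHS))
        print("  unintended:", unintended(field, SAMPLE_PATHS))
```

With the sample paths, `test` also excludes the `latest`, `attestation` and `contest-app` directories, while `/test/` excludes only the two real test directories.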
When Code Reviews are enabled, Bridgecrew checks code changes for every new PR in the selected repositories, displays errors, and offers an option to quickly fix or suppress them.
Code Review actions you can perform include:
- Enabling or disabling code reviews
- Selecting the repositories to scan
- Setting a soft fail based on the returned severity level
- Excluding specific policies from soft failing
When Bridgecrew’s bot is enabled in a Code Repository, it will add comments for errors detected in a PR’s code changes.
Actions you can perform include:
- Enable/disable Pull Request Bot Comments
- Select repositories
- Add Pull Request Bot Comments based on the returned severity level
- Exclude specific policies from Pull Request Bot Comments