Code Review

Overview

When Bridgecrew is connected to Version Control Systems and CI/CD platforms, every scan generates a fully contextualized Code Review scan result that includes a link to the relevant Policy.
The section of the code that caused the error is highlighted and metadata (such as run time and ID) is displayed. Depending on the type of scan (VCS scan or CI/CD run) and the status of a PR (latest commit or not, PR open or closed), you can perform functions such as Suppress, Fix, Search for a specific Run, or view Resource Explorer data.

Code Review Types

A Code Review can be either from:

  • VCS/Code Repository - for main branch and, if enabled, for every Pull Request
  • CI/CD runs - if enabled

Note

To see Code Reviews for every Pull Request (and not only the main branch) and from CI/CD runs, you must enable Code Reviews in the Code Repository settings.

Navigating to a Specific Run

There are different ways to reach the Code Review for a specific IaC file or CI/CD run.

  • From the Code Review grid - see below
  • From the integrated Code Repository - see below
  • Browse, Search or Filter the Projects page - see TEMP LINK

Other Ways to Access Code Reviews

For additional ways to access Code Reviews (browsing groups aggregated by path, or searching and filtering on a wide range of parameters) see TEMP LINK Projects - Sept 29.

Code Review Grid

  • On the Code Review grid, you can sort Code Reviews by parameters such as repo name, branch, commit number and so on.
  • Click any row in the Code Review grid to open the results of that run on the Projects page.

In the example below, the source is a CI/CD run on Azure Devops.

Navigate from an Integrated Code Repository

Errors detected by Bridgecrew are included in the list of failed checks. Press Details to see the Code Review on the Bridgecrew platform.

View Scan from Pull Requests

Introduction

For scans from Code Repositories, you can view scans of the default branch or of Pull Requests (if enabled in the Code Repository settings).
In the example below, the source is a Bitbucket repo integrated with Bridgecrew.
Select View PR Scans to see Code Reviews from Pull Requests.

Note

To see Code Reviews for every PR (and not only the default branch), you must enable Code Reviews in the Code Repository settings.
When enabled, View PR Scans will appear.

[Image: Enable "Code Reviews" for scans of Pull Requests and CI/CD runs]

Navigate to a Specific PR

  • As shown below, when viewing PR scans, you can open a drop-down list of PRs or search for a specific PR.
  • The name of the PR currently displayed is highlighted in bold.
  • The number of errors in a PR appears next to its name.

[Image: Browse or Search PRs]

Select a Commit or View Latest

Within a PR, you can view the latest commit, or select a commit from a list of those available.
By default, the newest commit is shown. You can navigate to older commits.

[Image: Choose a Specific Commit or View Latest]

Manual Fix for Commit

In some cases, no automated Fix is available. In these cases, the details of a manual Fix appear when you select Submit.

  • Manual fixes appear only for the most recent commit of a PR.
  • You can find the most recent commit by selecting View Latest.
  • When you press Fix Manually, GitHub opens to the code where the Policy violation is located. After applying the fix there, select Mark as Fixed.

Return to Default Branch

When viewing PRs, you can return to the default branch by selecting View Master.

View Scan from CI/CD System Run

  • CI/CD scans are listed from newest to oldest, showing the Bridgecrew scan ID and the time of the scan. Suppression can be performed only on the newest scan (i.e., to suppress this error type for this resource in future runs). For older scans, you can view the error and its guidelines but cannot Suppress.
  • If the CI system in use supports scans of individual branches (as opposed to only the default branch) and is configured to do so, an arrow appears that lets you navigate between branches and select a specific scan.
  • If the scanned default branch has no name, the display shows "No Name".

Understanding the Code Review

Introduction

The image below shows the full details of a single error within an IaC file.

In the example below, note:

Right side:

  • The number of open issues in the snapshot (i.e., in a default branch or specific commit for VCS/Code Repository scans, and a specific run for scans of CI/CD runs).
  • Resource metadata
  • Resource history

In the main panel:

  • The part of the code that caused the file to be non-compliant with a Bridgecrew Policy.
  • A brief summary of the relevant Policy.
  • Options to Suppress or Fix the error.

Note

Availability of the options to Suppress and Fix depends on the source and status of the Code Review. See the table below in Options Available per Source and Status.

File Details

Policy and Severity

The colored row at the bottom shows a description of the Policy and its Severity.

Code Details and Proposed Fix

The body of the file information shows the details of the code and the proposed fix.

Suppress Error

[Image: Suppress or Fix an Error]

You can Suppress any error.

  1. Press Suppress.
  2. Enter a comment.
  3. Press Suppress on the comment box.

[Image: Suppress]

This error will not be reported for this file in future scans.

Fix Drift

In some cases, an option will appear to Fix Drift. See Drift Detection.

Manual Fix

For errors found in Pull Requests (i.e., not in the default branch), when an automatic fix is not available, details for a Manual Fix appear after you select Submit.

Options Available per Source and Status

The table below details the functions available depending on the source and status of the Code Review.

Source, Type/Status                             | Suppress | Fix | Search | Filter by User | View Resource Explorer Data
------------------------------------------------|----------|-----|--------|----------------|----------------------------
Code Repository - Default Branch                | Y        | Y   | Y      | Y              | Y
Code Repository - latest commit in an open PR   | Y        | Y   | Y      | N/A            | Y
Code Repository - latest commit in closed PR    | Y        | X   | X      | X              | Y
CI/CD Run                                       | Y        | X   | X      | X              | X
