Code Review

Overview

When Bridgecrew is connected to Version Control Systems and CI/CD platforms, every scan generates a fully contextualized Code Review scan result that includes a link to the relevant Policy.
The section of code that triggered the error is highlighted, and scan metadata (such as run time and ID) is displayed. Depending on the type of scan (VCS scan or CI/CD run) and the status of the PR (latest commit or an older commit, PR open or PR closed), you can perform functions such as Suppress, Fix, search for a specific run, or view Resource Explorer data.

Code Review Types

A Code Review can be either from:

  • VCS/Code Repository - for main branch and, if enabled, for every Pull Request
  • CI/CD runs - if enabled

📘

Note

To see Code Reviews for every Pull Request (and not only the main branch) and from CI/CD runs, you must enable Code Reviews in the Code Repository settings.

Navigating to a Specific Run

There are different ways to reach the Code Review for a specific IaC file or CI/CD run.

  • From the Code Review grid - see below
  • From the integrated Code Repository - see below
  • Browse, Search or Filter on the Projects page - see Projects

📘

Other Ways to Access Code Reviews

For additional ways to access Code Reviews (browsing groups aggregated by path, or searching and filtering on a wide range of parameters) see Projects.

Code Review Grid

  • On the Code Review grid, you can sort Code Reviews by parameters such as repo name, branch, commit number and so on.
  • Click on any row in the Code Review grid and you will be taken to the results of that run on the Projects page.

In the example below, the source is a CI/CD run on Azure DevOps.


Navigate from Code Reviews Tab within Development Pipelines

The Code Reviews tab within Development Pipelines offers another source that lets you navigate to a specific code review. For more information, see Development Pipelines.


Navigate from an Integrated Code Repository

Errors detected by Bridgecrew appear in the repository's list of failed checks for the commit or Pull Request. Press Details to open the Code Review on the Bridgecrew platform.


View Scan from Pull Requests

Introduction

For scans from Code Repositories, you can view scans of the default branch or of Pull Requests (if enabled in the Code Repository settings).
In the example below, the source is a Bitbucket repo integrated with Bridgecrew.
Select View PR Scans to see Code Reviews from Pull Requests.


📘

Note

To see Code Reviews for every PR (and not only the default branch), you must enable Code Reviews in the Code Repository settings.
When enabled, View PR Scans will appear.


Enable "Code Reviews" for scans of Pull Requests and CI/CD runs

Navigate to a Specific PR

  • As shown below, when viewing PR scans, you can drop down a list of PRs or search for a specific PR.
  • The name of the PR currently displayed is highlighted in bold.
  • The number of errors in a PR appears next to its name.

Browse or Search PRs

Select a Commit or View Latest

Within a PR, you can view the latest commit, or select a commit from a list of those available.
By default, the newest commit is shown. You can navigate to older commits.


Choose a Specific Commit or View Latest

Manual Fix for Commit

In some cases, no automated Fix is available. In these cases, the details of a manual Fix appear when you select Submit.

  • Manual fixes are available only for the most recent commit of a PR.
  • You can reach the most recent commit by selecting View Latest.
  • When you press Fix Manually, GitHub opens at the code where the Policy violation is located. After applying the fix there, return to Bridgecrew and press Mark as Fixed.

Return to Default Branch

When viewing PRs, you can return to the default branch by selecting View Master.


View Scan from CI/CD System Run

  • CI/CD scans are listed from newest to oldest, showing the Bridgecrew scan ID and the time of the scan. Suppression can be performed only on the newest scan (i.e., to suppress this check for this resource in future runs). For older scans, you can view the error and its guidelines but cannot Suppress.
  • If the CI system in use supports scanning specific branches (as opposed to only the default branch) and is configured to do so, an arrow appears that lets you navigate between branches and select a specific scan.
  • If the scanned default branch has no name, the display shows "No Name".

Understanding the Code Review

Introduction

The image below shows the full details of a single error within an IaC file.

In the example below, note:

Right side:

  • The number of open issues in the snapshot (i.e., in the default branch or a specific commit for VCS/Code Repository scans, or a specific run for scans of CI/CD runs).
  • Resource metadata
  • Resource history

In the main panel:

  • The part of the code that caused the file to be non-compliant with a Bridgecrew Policy.
  • A brief summary of the relevant Policy.
  • Options to Suppress or Fix the error.

📘

Note

Availability of the options to Suppress and Fix depends on the source and status of the Code Review. See the table below in Options Available per Source and Status.


File Details

Policy and Severity

The colored row at the bottom shows a description of the Policy and its Severity.

Code Details and Proposed Fix

The body of the file information shows the details of the code and the proposed fix.

Suppress Error


Suppress or Fix an Error

You can Suppress any error.

  1. Press Suppress.
  2. Enter a comment.
  3. Press Suppress on the comment box.

Suppress

This error will not be reported for this file in future scans. Suppression only hides the finding; it does not change the resource, so use the comment to record why the finding is acceptable.

Fix Drift

In some cases, an option will appear to Fix Drift. See Drift Detection.


Manual Fix

For errors found in Pull Requests (i.e., not in the default branch), when an automatic fix is not available, the details of a Manual Fix appear after you select Submit.

Options Available per Source and Status

The table below details the functions available depending on the source and status of the Code Review.

Source, Type/Status                             | Suppress | Fix | Search | Filter by User | View Resource Explorer Data
Code Repository - Default Branch                | Y        | Y   | Y      | Y              | Y
Code Repository - latest commit in an open PR   | Y        | Y   | Y      | N/A            | Y
Code Repository - latest commit in a closed PR  | Y        | X   | X      | X              | Y
CI/CD Run                                       | Y        | X   | X      | X              | X

Y = available, X = not available, N/A = not applicable.