When Bridgecrew is connected to Version Control Systems and CI/CD platforms, every scan generates a fully contextualized Code Review scan result and includes a link to the relevant Policy.
The section of the code which resulted in the error is highlighted and metadata (such as run time, ID, etc.) is displayed. Depending on the type of scan (VCS scan or CI/CD run) and the status of a PR (latest commit or an older commit; PR open or PR closed), you will be able to perform functions such as Suppress, Fix, Search for a specific Run, or view Resource Explorer data.
A Code Review can be either from:
- VCS/Code Repository - for main branch and, if enabled, for every Pull Request
- CI/CD runs - if enabled
To see Code Reviews for every Pull Request (and not only the main branch) and from CI/CD runs, you must enable Code Reviews in the Code Repository settings.
There are different ways to reach the Code Review for a specific IaC file or CI/CD run.
- From the Code Review grid - see below
- From the integrated Code Repository - see below
- Browse, Search or Filter the Projects page - see TEMP LINK
Other Ways to Access Code Reviews
For additional ways to access Code Reviews, such as browsing groups aggregated by path, or searching or filtering on a wide range of parameters, see TEMP LINK Projects - Sept 29.
- On the Code Review grid, you can sort Code Reviews by parameters such as repo name, branch, commit number and so on.
- Click on any row in the Code Review grid and you will be taken to the results of that run on the Projects page.
In the example below, the source is a CI/CD run on Azure Devops.
The Code Reviews tab within Development Pipelines offers another source that lets you navigate to a specific code review. For more information, see Development Pipelines.
Errors detected by Bridgecrew are included in the list of failed checks. Press Details to see the Code Review on the Bridgecrew platform.
In the case of scans from Code Repositories, you can view scans from the default branch or from Pull Requests (if enabled in Code Repository settings).
In the example below, the source is a Bitbucket repo integrated with Bridgecrew.
Select View PR Scans to see Code Reviews from Pull Requests.
To see Code Reviews for every PR (and not only the default branch), you must enable Code Reviews in the Code Repository settings.
When enabled, View PR Scans will appear.
- As shown below, when viewing PR scans, you can drop down a list of PRs or search for a specific PR.
- The name of the PR currently displayed is highlighted in bold.
- The number of errors in a PR appears next to its name.
Within a PR, you can view the latest commit, or select a commit from a list of those available.
By default, the newest commit is shown. You can navigate to older commits.
In some cases, no automated Fix is available. In these cases, the details of a manual Fix will appear upon selecting Submit.
- Manual fixes appear only for the most recent commit of a PR.
- You can find the most recent commit by selecting View Latest.
- When you press Fix Manually, Github opens to the code where the Policy violation is located. After applying the fix, press Mark as Fixed.
When viewing PRs, you can return to the default branch by selecting View Master.
- CI/CD scans are listed from newest to oldest, showing the Bridgecrew scan ID and the time of the scan. Suppression can be performed only on the newest scan (i.e., to suppress this error type for this resource in future runs). For older scans, you can view the error and its guidelines but cannot Suppress.
- If the CI system in use supports scans of individual branches (as opposed to only the default branch) and is configured to do so, an arrow appears that lets you navigate between branches and select a specific scan.
- If the default branch scanned is not named, the display will show "No Name".
The image below shows the full details of a single error within an IaC file.
In the example below, note:
- The number of open issues in the snapshot (i.e., in a default branch or a specific commit for VCS/Code Repository scans, and a specific run for scans of CI/CD runs).
- In the main panel:
  - The part of the code that caused the file to be non-compliant with a Bridgecrew Policy.
  - A brief summary of the relevant Policy.
  - Options to Suppress or Fix the error.
- Availability of the options to Suppress and Fix depends on the source and status of the Code Review. See the table below in Options Available per Source and Status.
- The colored row at the bottom shows a description of the Policy and its Severity.
- The body of the file information shows the details of the code and the proposed fix.
You can Suppress any error.
- Press Suppress.
- Enter a comment.
- Press Suppress on the comment box.
This error will not be reported for this file in future scans.
In some cases, an option will appear to Fix Drift. See Drift Detection.
For errors found in Pull Requests (i.e., not in the default branch), in cases when an automatic fix is not available, details will appear for a Manual Fix after you select Submit.
The table below details the functions available depending on the source and status of the Code Review.
Functions listed in the table include Filter by User and View Resource Explorer Data.
Sources and statuses listed in the table:
- Code Repository - Default Branch
- Code Repository - latest commit in an open PR
- Code Repository - latest commit in a closed PR