DevOps teams use Projects to gain a file-centric view of their IaC. In Projects, errors are sorted by directory and file structure and provide instant visibility into each resource's dependencies and history. By evaluating resources alongside the additional files in a subject directory, and with the related context from a resource perspective, DevOps can select which fixes should be promoted and which errors should remain as known accepted risks.
Code Reviews for Pull Requests and CI/CD Runs
The Projects page shows errors related to a repository's default branch.
To explore other Code Review use cases, i.e., scanning every Pull Request and every CI run, you must enable Code Reviews in Code Repository Settings.
Projects are based on Git-based code repositories. You can navigate between repositories organized by path, or search for a known branch scan in Code Reviews. For each repository, all directories and sub-directories that currently include errors are displayed.
Selecting a specific error automatically loads the related information. Useful information here includes full resource metadata, related resources extracted from the graph, and full resource history.
The colored row at the bottom shows a description of the Policy and its Severity.
Press the colored bar to see:
- Description and Rationale
The body of the file information shows the details of the code and the proposed fix.
An option to automatically Fix or Remediate appears for most errors.
See also Manual Fix below.
- Press FIX. COMPLETED will appear at the top right.
- Press SUBMIT. This triggers a new build.
In some cases, no automated Fix is available, but you will see an option for Fix Manually.
To read the explanation and procedure for Manual Remediation of this error, press More and then Full Guidelines. A new tab opens.
To open GitHub/Bitbucket in order to implement the Manual Fix, press FIX MANUALLY.
A filter pane on the right side of the page can help further narrow the scope of work on a given repo.
Enables filtering between policy categories and selecting a subgroup of issues to solve.
Enables filtering only on high-impact issues and clearing low-impact issues from the error view.
Enables filtering only on individual tagged key-value pairs.
Use Search to pinpoint specific code snippets, file names or directories. To use Search, click the magnifier icon at the top right of your screen, enter the text you wish to find, and press Enter. Search results appear immediately, highlighting the searched text across mediums.
Bridgecrew automatically maps code changes to their individual commits and users. In the top right corner, the list of all contributing users lets you quickly zoom in on changes introduced by specific developers. You can also view errors by user by clicking the name of a user in an error box.