Introduction
Software Composition Analysis (SCA) helps detect security vulnerabilities by analyzing the components and dependencies within your application. This guide details how to initiate and complete an SCA scan using version control platforms like GitHub, GitLab, and Bitbucket.
Prerequisites:
You should be signed in to CloudDefense.ai. If not, please refer to our guide on creating a CloudDefense.ai account.
Access to a repository on version control platforms that you wish to scan. Ensure you have administrative privileges to configure scans.
Step 1: Click “Applications” in the navigation bar.
Step 2: Click the green “SCAN” button on the left side of the page and choose a version control platform. Here we will choose “GitHub” to proceed.
Scan Public Repositories:
Step 1: Add Repositories
- Input the URL of the repository or repositories you want to scan.
- Press “Enter” on your keyboard.
- Select the branches for the scan from the list that appears after clicking “Select branch”.
- Press the green Scan repo button to begin scanning the selected repositories.
Step 2: Identify the SCA scan report
Step 3: Review the Results
Once your scan is complete, the interface will display a summary of the findings. To delve deeper into the specific vulnerabilities identified during the scan, click on the name of your project (e.g., "vulnado-test"). This action will take you to a detailed overview of each finding.
For a comprehensive understanding of your SAST scan results, please visit the Results page.
To learn how to scan private repositories, please visit here.