Hi!
I got asked today how Debricked can handle “multiple services” in the same repo. It is common to have monorepos with different deployments, microservices, etc. in them, but you want to logically separate them in the Debricked UI.
This is easy to do through the CLI, and I have an example repository here: https://github.com/emilwareus/debricked-split-repo
This is how the base action looks, but I would probably just split this into two separate actions to get a better overview of which services trigger which rules, and potentially only run the scans on changes in each service.
```yaml
name: Debricked scan
on: [push]
jobs:
  vulnerabilities-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Debricked CLI
        run: |
          curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
          ./debricked --version
      # Here I make two separate scans with debricked in different parts of the repo
      # This will create two separate repos in the debricked tool, and can be managed
      # with different policies etc.
      # You can also split these out to two separate actions to make the results easier to consume visually.
      - name: Run Scan
        run: |
          ./debricked scan api/ -r api-service -c "$(git rev-parse HEAD)" -t "$DEBRICKED_TOKEN"
          ./debricked scan web/ -r web-service -c "$(git rev-parse HEAD)" -t "$DEBRICKED_TOKEN"
        env:
          DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
```