How to scan a repository with different services

  • 16 October 2023
  • 0 replies
  • 69 views

Userlevel 3
Badge +1

Hi! 

I got asked today how Debricked can handle “multiple services” in the same repo. It is common to have monorepos with different deployments/microservices/etc.. in them, but you want to logically separate them in the debricked UI. 

This is easy to do through the CLI, and I have an example repository here: https://github.com/emilwareus/debricked-split-repo 


This is how the base action looks, but I would probably just split this into two separate actions to get a better overview of what services triggers what rules, and potentially only run the scans on changes in each service. 
 

name: Debricked scan

on: [push]

jobs:
vulnerabilities-scan:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- name: Install Debricked CLI
run: |
curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
./debricked --version

# Here I make two separate scans with debricked in different parts of the repo
# This will create two separate repos in the debricked tool, and can be managed
# with different policies etc.
# You can also split these out to two separate actions to make the results easier to consume visualy.
- name: Run Scan
run: |
run: |
./debricked scan api/ -r api-service -c $(git rev-parse HEAD) -t $DEBRICKED_TOKEN
./debricked scan web/ -r web-service -c $(git rev-parse HEAD) -t $DEBRICKED_TOKEN
env:
DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

 


0 replies

Be the first to reply!

Reply