Below are the guidelines for creating an application and initiating a scan of your infrastructure-as-code (IaC) and Docker containers:
Once you sign into the platform, you will be directed to a page where you can begin importing the app details. At this point, you should have a GitHub/GitLab/Bitbucket repo containing the app IaC and/or one or more Docker containers. For scanning IaC code, in addition to the repo details, you need to provide a personal access token (PAT).
Explore the following links for a guide on how to create a personal access token for each service:
Click “Create My First App” to initiate the process.
When choosing the scopes for the created PAT, the following must be enabled for each service:
In Bitbucket Cloud, PATs are called App Passwords.
To add an App Password:
- Log into your Bitbucket account on bitbucket.org
- Click Profile avatar in top right corner and select Personal Settings in the dropdown menu
- In the right-hand sidebar, click App Passwords (under Access Management category)
- Click Create App Password
- Label your App Password, then select the Repositories Read checkbox
- Click Create
- Your PAT / App Password will be displayed in the resulting pop-up window. Make sure to save this, as it won’t be accessible after closing the pop-up!
If the repository is part of an Organization, the Personal Access Token will need to be generated with SSO. Please see the following documentation to set this up:
App name and description
- Give a name and description to your application
- Click “Save and Continue”
Scan IaC (optional)
At this step you can either scan IaC or skip it and continue with the Docker scan.
To scan IaC, click Yes and enter the following details:
- Username and the URL of the repo where your code is saved (note: this URL needs to end with .git, e.g. https://github.com/example/repo.git)
- Generated personal access token
- Branch in which the code should be scanned
Locate Repo URL:
Scan Docker container (optional)
This step gives you the option to scan Docker containers.
To scan Docker containers, click Yes and enter the following details:
- Click ‘Add New’ to add a new Docker connection
- Select if it is a Docker Hub connection or Other
- Enter your Docker ID and Password or Token
- Click “Verify”
- Select this newly created connection in the “Select Service Connection” drop down menu
- Enter your Docker namespace (typically the Docker username) and repository name
- Choose to create additional connections and/or add more repositories to be scanned
- Once complete click “Continue”
Once all the required details have been entered, click ‘Initiate Scan’ to begin the scanning process. The scan typically takes a few minutes. The app card will update automatically when the scan is complete.
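As an added example (not the platform's own code), the following pre-flight check validates the values the IaC and Docker steps above ask for before they are pasted into the form: it enforces the .git suffix on the repo URL, rejects a URL that embeds a credential (the PAT belongs in its own field, not in the URL), applies git's branch-name rules, and checks the Docker namespace and repository names. The allowed host list and the Docker name grammar are assumptions, not platform rules.

```python
"""Pre-flight validation of the scan-setup inputs (added example, not the
platform's code). Returns problems as lists of strings; empty means OK."""
import re
from urllib.parse import urlparse

# Assumption: only the hosting services this guide mentions are accepted.
ALLOWED_HOSTS = {"github.com", "gitlab.com", "bitbucket.org"}
# Approximation of Docker's name grammar: lowercase alphanumerics joined by
# single separators (. _ -). Assumption, not the platform's exact rule.
DOCKER_NAME = re.compile(r"^[a-z0-9]+(?:[._-][a-z0-9]+)*$")
# Characters git refuses inside a ref name (whitespace, control, ~^:?*[\).
BAD_REF_CHARS = re.compile(r"[\s~^:?*\[\\\x00-\x1f\x7f]")


def check_repo_url(url: str) -> list[str]:
    """Validate the repo URL field: https, known host, .git suffix, no secret."""
    problems = []
    p = urlparse(url)
    if p.scheme != "https":
        problems.append("scheme must be https")
    if p.username or p.password:
        # A PAT pasted into the URL ends up in logs and the app config;
        # the form has a dedicated token field for it.
        problems.append("URL embeds a credential; use the token field instead")
    if p.hostname not in ALLOWED_HOSTS:
        problems.append(f"unsupported host: {p.hostname}")
    if not p.path.endswith(".git"):
        problems.append("URL must end with .git")
    return problems


def check_branch(name: str) -> list[str]:
    """Apply the core git check-ref-format rules to the branch field."""
    problems = []
    if not name or name[0] in "-/" or name.endswith("/"):
        problems.append("branch name has a bad leading/trailing character")
    if ".." in name or "@{" in name or name.endswith(".lock") \
            or BAD_REF_CHARS.search(name):
        problems.append("branch name contains a sequence git rejects")
    return problems


def check_docker_target(namespace: str, repository: str) -> list[str]:
    """Validate the Docker namespace (usually the Docker ID) and repo name."""
    return [f"{label} {value!r} is not a valid Docker name"
            for label, value in (("namespace", namespace), ("repository", repository))
            if not DOCKER_NAME.match(value)]


def preflight(url: str, branch: str, namespace: str, repository: str) -> dict[str, list[str]]:
    """Run every check; an empty dict means the form can be submitted."""
    results = {"repo_url": check_repo_url(url), "branch": check_branch(branch),
               "docker": check_docker_target(namespace, repository)}
    return {field: problems for field, problems in results.items() if problems}
```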