How To's
1.1 How to Create a Workspace
- Create your workspace by clicking Create Workspace
![Workspace Workspace](https://res.cloudinary.com/letsbloom/image/upload/v1684843454/how_to_create_a_work_space_01_s6vmbn.jpg)
![Workspace Workspace](https://res.cloudinary.com/letsbloom/image/upload/v1684843454/how_to_create_a_work_space_02_foqrtt.jpg)
2.1 How to Add a GitHub Connector
- Add a GitHub connector to a created workspace
![GitHub GitHub](https://res.cloudinary.com/letsbloom/image/upload/v1684843911/how-to-add-a-github-connector-01_yfousa.jpg)
- Add a GitHub username and a personal access token that has repository read permissions
- For more information on creating a personal access token, look up this link
![GitHub GitHub](https://res.cloudinary.com/letsbloom/image/upload/v1684912534/how-to-add-a-github-connector-02_wguiyo.jpg)
- Select the Repository and Branch and click Save
![GitHub GitHub](https://res.cloudinary.com/letsbloom/image/upload/v1684843911/how-to-add-a-github-connector-03_s8xcfm.jpg)
- GitHub should now be successfully added as a valid artifact
![GitHub GitHub](https://res.cloudinary.com/letsbloom/image/upload/v1684843911/how-to-add-a-github-connector-04_rwczgy.jpg)
2.2 How to Add a Docker Hub Connector
- Add a Docker Hub connector to a created workspace
![Docker Hub Connector Docker Hub Connector](https://res.cloudinary.com/letsbloom/image/upload/v1684844221/how-to-add-a-docker-hub_-connector-01_nxd2tt.jpg)
- Add a Docker Hub username and a personal access token that has repository read permissions
- For more information on creating a Docker Hub token, look up this link
![Docker Hub Connector Docker Hub Connector](https://res.cloudinary.com/letsbloom/image/upload/v1684844221/how-to-add-a-docker-hub_-connector-02_mhr41d.jpg)
- Enter the Repository and Tag information of your Docker containers
2.3 How to Add an AWS Connector
- Add an AWS connector to a created workspace
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684912706/how-to-add-an-aws-connector-01_o6xura.jpg)
- Enter the AWS account ID you wish to connect to
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1685355891/how-to-add-an-aws-connector-02_puedkh.png)
- In your AWS account, go to IAM > Roles > Create Role
- Select AWS account as the Trusted entity type
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684845323/how-to-add-an-aws-connector-03_odfiwb.jpg)
- Enter the account ID "418523410026" as the Identifier
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1685356030/how-to-add-an-aws-connector-04_tpythn.png)
- Check the External ID option
- Enter the External Identifier as displayed on the letsbloom AWS connector tab
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1685356127/how-to-add-an-aws-connector-05_ms59nt.png)
- Select ReadOnlyAccess as the Policy Name
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684845324/how-to-add-an-aws-connector-06_pzfyn7.jpg)
- Enter the Role name
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684845325/how-to-add-an-aws-connector-07_jivk8x.jpg)
- Create the role
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684845324/how-to-add-an-aws-connector-08_ixxlja.png)
- Copy the Role ARN
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1685362165/how-to-add-an-aws-connector-09_qwi8gr.png)
- Enter it into the Service Connection tab and click Activate
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1685356266/how-to-add-an-aws-connector-10_xzv7xh.png)
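The same role can be created from the AWS CLI instead of the console. The script below is an added example, not letsbloom's own code: it builds the trust policy for account 418523410026 with a required external ID, creates the role, attaches ReadOnlyAccess and prints the Role ARN. The function names and the `--apply` switch are hypothetical; the role name and external ID are the ones you choose and copy from the letsbloom AWS connector tab.

```shell
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps in section 2.3.
LETSBLOOM_ACCOUNT_ID="418523410026"   # trusted account ID given on this page

# Print the trust policy for "AWS account" as trusted entity with a required
# external ID. The sts:ExternalId condition makes AssumeRole succeed only when
# the caller presents that value, which guards against the confused-deputy problem.
build_trust_policy() {
  external_id="$1"
  # Reject empty values and characters that could break out of the JSON string.
  case "$external_id" in
    ''|*[!A-Za-z0-9_+=,.@:/-]*) echo "invalid external ID" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::${LETSBLOOM_ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "${external_id}"}}
  }]
}
EOF
}

# Create the role, attach the AWS-managed ReadOnlyAccess policy, print the Role ARN.
create_connector_role() {
  role_name="$1"; external_id="$2"
  policy_file="$(mktemp)" || return 1
  build_trust_policy "$external_id" > "$policy_file" || { rm -f "$policy_file"; return 1; }
  aws iam create-role --role-name "$role_name" \
      --assume-role-policy-document "file://$policy_file" \
      --query 'Role.Arn' --output text &&
  aws iam attach-role-policy --role-name "$role_name" \
      --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
  status=$?
  rm -f "$policy_file"
  return "$status"
}

# Usage: sh create-role.sh --apply <role-name> <external-id-from-letsbloom-tab>
if [ "${1:-}" = "--apply" ]; then
  create_connector_role "$2" "$3"
fi
```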
2.4 How to Add an ECR Connector
- Add an ECR connector to a created workspace
![ECR connector ECR connector](https://res.cloudinary.com/letsbloom/image/upload/v1684904340/how-to-add-a-ecr-_connector_hairpv.jpg)
- In the Username field, enter AWS
- In the PAT field, enter your password
- In the case of ECR, this is the output of the command below
aws ecr get-login-password --region <region-name>
- The registry is
<cloud account id>.dkr.ecr.<the region of your ecr>.amazonaws.com
- Click Create. Your connection should be validated successfully, provided you have "ECR read" permissions in the role definition
Note: AWS sets the password expiry for ECR access to 12 hours
2.5 How to Add an Azure Subscription
Using the Azure Portal
- Navigate to Azure Active Directory and click on App registrations
![Azure Subscription Azure Subscription](/themes/letsbloom/assets/Images/azure-subscription-1.jpg)
![Azure Subscription Azure Subscription](/themes/letsbloom/assets/Images/azure-subscription-2.jpg)
- Click on New registration
- Enter the Name (e.g. cloudapp) and select Supported account types as "Accounts in any organizational directory (Any Azure AD directory - Multitenant)"
- Click on Register.
![Azure Subscription Azure Subscription](/themes/letsbloom/assets/Images/azure-subscription-3.jpg)
- Navigate to Certificates & secrets
![Azure Subscription Azure Subscription](/themes/letsbloom/assets/Images/azure-subscription-4.jpg)
- Click on New client secret. Add the Description and set Expires to 12 or 6 months. Click Add
![Azure Subscription Azure Subscription](/themes/letsbloom/assets/Images/azure-subscription-5.jpg)
- Note down the Value and Secret ID
- Now go to the respective subscription
![Azure Subscription Azure Subscription](/themes/letsbloom/assets/Images/azure-subscription-6.jpg)
- Assign a Reader role to the created app
- Take a note of the following
  - Application (client) ID
  - Directory (tenant) ID
  - Subscription ID
  - Secret ID (password)
- In the letsbloom portal, enter the below details to create a Service Connection
![Azure Subscription Azure Subscription](/themes/letsbloom/assets/Images/azure-subscription-7.jpg)
Using the Azure Command Line
- Log in to Azure using the CLI with az login
- Run the below commands
SUBSCRIPTION_ID="<set subscription id here>"
az account set --subscription "$SUBSCRIPTION_ID"
az provider register --namespace 'Microsoft.Security'
az ad sp create-for-rbac -n cloudapp --role reader --scopes "/subscriptions/$SUBSCRIPTION_ID"
- Take a note of the following
  - Application (client) ID
  - Directory (tenant) ID
  - Subscription ID
  - Secret ID (password)
- In the letsbloom portal, enter the below details to create a Service Connection
![Azure Subscription Azure Subscription](/themes/letsbloom/assets/Images/azure-subscription-8.jpg)
3.1 How to Generate a Compliance Report
- Under a workspace that has artifacts attached, click Initiate Scan
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684846056/how-to-generate-a-compliance-report-01_f1nket.jpg)
- Click View Logs
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684846056/how-to-generate-a-compliance-report-02_t4izbf.jpg)
- Wait for the scan to complete
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684846057/how-to-generate-a-compliance-report-03_bdhc2e.jpg)
- Click View Report
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1684846058/how-to-generate-a-compliance-report-04_yfxsn3.jpg)
- You should be able to view the reports
![AWS AWS](https://res.cloudinary.com/letsbloom/image/upload/v1685361150/how-to-generate-a-compliance-report-05_rhfpvr.png)
3.2 How to View All IaC Findings
- In the Navigation bar, click on IaC
- Filter by your workspace
![IAC IAC](https://res.cloudinary.com/letsbloom/image/upload/v1685427504/how-to-view-all-iac-findings_h28axi.png)
3.3 How to View All Cloud Findings
- In the Navigation bar, click on Inventory
- Filter by your workspace
![Cloud Findings Cloud Findings](https://res.cloudinary.com/letsbloom/image/upload/v1685427504/how-to-view-all-cloud-findings_caddqm.png)
3.4 How to View All Container Vulnerabilities
- In the Navigation bar, click on Vulnerability
- Filter by your workspace
![Cloud Findings Cloud Findings](https://res.cloudinary.com/letsbloom/image/upload/v1684846453/how-to-view-all-container-vulnerabilities_zt8qht.jpg)
4.1 Create a New API Key
- Under your user profile tab on the right, navigate to My Account
![API keys API keys](https://res.cloudinary.com/letsbloom/image/upload/v1685356751/how-to-use-api-keys-for-continuous-workspace-scans-01_z67arv.png)
- Click New API key
- Enter a Description and select key Validity
![API key API key](https://res.cloudinary.com/letsbloom/image/upload/v1685359255/how-to-use-api-keys-for-continuous-workspace-scans-02_uyaj4z.png)
- Copy the generated key
- Navigate to your created workspace that you would like to scan on push
- From the address bar, select the workspace Identifier
.letsbloom.io/workspace/e2703XXXXXXXXXXXXXXXXXXXXXXX
- Navigate to Venture Settings
- Copy the Venture ID
Venture Settings - Ofcdce3c-XXXX-XXXX-XXXX-XXXXXXXXXXXX
4.2 Initiate a Scan from CI/CD Pipeline
- From your CI/CD pipeline that is mapped to the source control attached to the workspace, make an API call as one of the tasks
- For example, in Azure DevOps that would be a task in the pipeline
![Azure Devops Azure Devops](https://res.cloudinary.com/letsbloom/image/upload/v1684904131/how-to-use-api-keys-for-continuous-workspace-scans-05_o1iwrp.jpg)
- The API call would look like the below
curl --location --request POST "https://api.prod.bloom.tech/inventory/v1/ventures/ < Venture ID >/workspaces/< workspace Identifier >/scan" --header "API-X-KEY: