Repository Scan
The Styra DAS Repository Scan System is a special System that scans existing Kubernetes or Terraform configuration files stored in a Git repository hosted on a Git provider such as GitHub, Bitbucket, or Azure Git and analyzes the repository for risks. After Repo Scan analyzes the repository, Styra DAS generates a compliance report using policy libraries that identify best practice violations.
When you create a Repository Scan (Repo Scan) System through the Styra DAS UI, GitHub is the only Git provider that can be configured. Use the Styra DAS API to configure other Git repositories.
When you use Repo Scan, a new System is created that links to that library code and can be run against your Git repository.
Repository Access
Repo Scan requires OAuth 2.0 access to GitHub repositories. The selected repositories are cloned as a short-term process. Rules are run against the GitHub repository using Open Policy Agent (OPA).
To use Repo Scan with other Git providers (for example, Bitbucket or Azure Git), refer to creating a Repo Scan System with the API.
Repo Scan does not run analytics on your repository and does not store your code beyond the process used to generate your compliance results.
To remove the GitHub access granted to Repo Scan, go to the GitHub applications page, find the "Styra DAS" entry, and use "Revoke Entry" from the context menu.
Using a Sample Repository
You can test Repo Scan with a public sample repository provided by Styra. This option allows you to select "Public repositories" as opposed to "Public and private repositories". The sample repository is Repo Scan.
Repo Scan Results
After Repo Scan completes, it opens the compliance view of your new System and displays a list of any identified violations. You can see further details about any violation by selecting a row in the list, which opens a details view. Within the details view, you can further drill down to the policy that flagged the violation through a hyperlink on the rule path.
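Repo Scan evaluates cloned configuration files with OPA, and the rule path shown in the details view is the path of the policy rule that produced the violation. The following Rego policy is an added example written for this page, not a rule from the Styra DAS policy library; it assumes `input` is a single parsed Kubernetes manifest and reports two common best-practice violations under `deny`.

```rego
package repo_scan_example.kubernetes

# Added example policy, not part of the Styra DAS policy library.
# Assumption: `input` is one Kubernetes manifest parsed from YAML/JSON.

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# Collect the containers of workload kinds that embed a pod template.
input_containers contains c if {
	input.kind in {"Deployment", "StatefulSet", "DaemonSet", "Job"}
	some c in input.spec.template.spec.containers
}

# Collect the containers of a bare Pod manifest.
input_containers contains c if {
	input.kind == "Pod"
	some c in input.spec.containers
}

# Violation: a container explicitly requests privileged mode.
deny contains msg if {
	some c in input_containers
	c.securityContext.privileged == true
	msg := sprintf("%s/%s: container %q runs privileged", [input.kind, input.metadata.name, c.name])
}

# Violation: a container declares no CPU/memory limits, so it can
# exhaust node resources and starve neighbouring workloads.
deny contains msg if {
	some c in input_containers
	not c.resources.limits
	msg := sprintf("%s/%s: container %q has no resource limits", [input.kind, input.metadata.name, c.name])
}
```

Run it locally against a manifest converted to JSON with `opa eval -i deployment.json -d policy.rego "data.repo_scan_example.kubernetes.deny"`; an empty set means the manifest passes both checks, and each returned message names the offending container.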
Creating a Repository Scan System through the Styra DAS UI
Use the following steps to create a Repository Scan System through the Styra DAS UI to analyze a GitHub repository for risks.
- Log in to the Styra DAS UI.
- In System, click the Add button. The Create System dialog box appears.
- For System Type, select Repository System.
- Type in the System name.
- (Optional) Type the description for the system.
- For Launch Quick Start, leave the toggle set to No.
- Expand Advanced.
- For Show Errors, leave the toggle set to Yes.
- For Read-only, leave the toggle set to No.
- In Git Repository (required), click Select Repository. The Select GitHub repository scope pane appears.
- Select your GitHub repository scope: Public and private repositories (recommended) or Public repositories.
- Click Continue.
- The first time you create a Repository Scan System, the Authorize Styra DAS dialog box appears. Click Authorize StyraInc. The Choose a repository to scan pane appears.
- Select any repository whose main (or master) branch contains existing Kubernetes or Terraform configuration files.
- Click Confirm Selection.
- (Optional) Configure the GitHub Reference.
- (Optional) Configure the GitHub Repository Path.
- By default, the Secrets API Credentials Path is set from the credentials granted when you click Authorize StyraInc.
- Click Create System. A progress bar appears while the Styra DAS System is created and the repository is scanned. The setup and scan typically take 30 to 45 seconds. Once complete, the Styra DAS UI automatically switches to the Compliance tab of your newly created Repo Scan System and displays a list of any violations.
- (Optional) If violations are discovered, review each violation and, if warranted, make changes in your repository to resolve it. Commit the changes to your repository.
- (Optional) Click Scan Again to rescan the repository and confirm that the violations are resolved.