
Overview of the Repo Scan

Repo Scan allows you to see whether your Infrastructure as Code follows best practices with five clicks.

Repo Scan scans existing Kubernetes or Terraform configuration files stored in a GitHub repository and analyzes them for risks. When the scan completes, Styra DAS generates a compliance report using policy libraries that flag best-practice violations (for example, containers that run as root or storage that is not encrypted).

When you use Repo Scan, a new System is created that links to those policy libraries and can be re-run against your GitHub repository.

Repository Access

Repo Scan requires OAuth 2.0 access to your GitHub repositories. Each selected repository is cloned only for the duration of the scan, and the policy rules are evaluated against the clone by an Open Policy Agent (OPA) instance.

Repo Scan does not run analytics on your repository and does not store your code beyond the process that generates your compliance results.

To remove the GitHub access granted to Repo Scan, go to the GitHub applications page, find the "Styra DAS" entry, and use "Revoke Entry" from the context menu. Revoking access stops Repo Scan from cloning the repository for future scans; the Repo Scan System and its existing results remain in Styra DAS until you delete the System.

Using a Sample Repository

You can test Repo Scan with a public sample repository provided by Styra. Because the sample repository is public, you can select "Public repositories" rather than "Public and private repositories" when choosing the scope. The sample repository is named Repo Scan.

Repo Scan Results

After Repo Scan completes, it opens the compliance view of your new System and displays a list of any identified violations. Selecting a row in the list opens a details view; from there, the hyperlink on the rule path takes you to the policy that flagged the violation.

Using Repo Scan

Use the following steps to run Repo Scan to analyze a GitHub repository for risks.

  1. Log in to Styra DAS.
  2. When you create a new Styra DAS account, you will automatically see the Getting Started dialog box, which includes Scan a GitHub Repository. If you do not see the Getting Started dialog box, click Help (the ? icon) and then select Getting Started.
  3. Select Scan a GitHub Repository.
  4. Click Let’s Get Started. The Select GitHub repository scope pane appears.
  5. Select your GitHub repository scope, Public and private repositories (recommended) or Public repositories.
  6. Click Continue.
  7. The first time you use Repo Scan, the Authorize Styra DAS dialog box appears. Click Authorize StyraInc. The Choose a repository to scan pane appears.
  8. Select a repository whose main (or master) branch contains existing Kubernetes or Terraform configuration files.
  9. Click Scan Repository. A progress bar appears while the Styra DAS System is created and the repository is scanned. Setup and scan typically take 30 to 45 seconds. Once complete, the Styra DAS UI automatically switches to the Compliance tab of your newly created Repo Scan System and displays a list of any violations.
  10. (Optional) If violations are discovered, review each violation and if warranted, make changes in your repository to resolve the violation. Commit the changes to your repository.
  11. (Optional) Click Scan Again to rescan the repository and confirm that your changes resolved the violations.
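The two violations named at the top of this page (containers running as root, unencrypted storage) are the kind of thing a Repo Scan policy library flags, and step 10 asks you to fix them in the repository. The following Rego policy is an added example, not Styra's library code and not part of the original page: it shows one way such rules are written for OPA, with constructed inputs for a Deployment whose containers run as root and a Terraform aws_ebs_volume block with no encryption, plus the corrected versions of both. The package name, rule names, messages and file names are assumptions, as is the Terraform input shape (HCL converted to JSON, in the form hcl2json produces); the Kubernetes securityContext field names are the real ones.

```rego
package repo_scan_example

import rego.v1

# ---- Kubernetes: containers that may run as root -------------------------

# Locate the pod spec for common workload kinds and for bare Pods.
pod_spec := input.spec.template.spec if input.kind in {"Deployment", "StatefulSet", "DaemonSet", "Job"}

pod_spec := input.spec if input.kind == "Pod"

# Init containers count too: they run with the same privileges.
containers contains c if some c in pod_spec.containers

containers contains c if some c in pod_spec.initContainers

# Effective value of a securityContext field: the container-level value
# wins; otherwise the pod-level value; null when neither is set.
effective(c, field) := v if {
	v := object.get(c, ["securityContext", field], null)
	v != null
}

effective(c, field) := v if {
	object.get(c, ["securityContext", field], null) == null
	v := object.get(pod_spec, ["securityContext", field], null)
}

# Root if UID 0 is requested explicitly, or if no UID is pinned and
# runAsNonRoot is not enforced (most images default to UID 0).
runs_as_root(c) if effective(c, "runAsUser") == 0

runs_as_root(c) if {
	effective(c, "runAsUser") == null
	effective(c, "runAsNonRoot") != true
}

deny contains msg if {
	some c in containers
	runs_as_root(c)
	msg := sprintf("%s/%s: container %q may run as root; set securityContext.runAsNonRoot: true or a non-zero runAsUser", [input.kind, input.metadata.name, c.name])
}

# ---- Terraform: unencrypted EBS volumes ----------------------------------
# Assumption: the HCL was converted to JSON (e.g. with hcl2json), so that
# input.resource.<type>.<name> is a list of resource blocks.

deny contains msg if {
	some name, blocks in input.resource.aws_ebs_volume
	some block in blocks
	object.get(block, "encrypted", false) != true
	msg := sprintf("aws_ebs_volume.%s: volume is not encrypted; set encrypted = true", [name])
}

# ---- Constructed inputs and tests (run with: opa test repo_scan_example.rego -v)

# Constructed manifest: the pod enforces runAsNonRoot, but two containers
# override it (explicit UID 0, and runAsNonRoot: false).
root_deployment := {
	"kind": "Deployment",
	"metadata": {"name": "web"},
	"spec": {"template": {"spec": {
		"securityContext": {"runAsNonRoot": true},
		"containers": [
			{"name": "app", "image": "nginx"},
			{"name": "sidecar", "image": "busybox", "securityContext": {"runAsUser": 0}},
			{"name": "debug", "image": "busybox", "securityContext": {"runAsNonRoot": false}},
		],
	}}},
}

test_root_containers_flagged if {
	msgs := deny with input as root_deployment
	count(msgs) == 2
	some m1 in msgs
	contains(m1, `"sidecar"`)
	some m2 in msgs
	contains(m2, `"debug"`)
}

# "app" inherits runAsNonRoot from the pod, so only the two overriding
# containers are flagged; correcting those overrides clears the report.
test_fixed_deployment_passes if {
	fixed := json.patch(root_deployment, [
		{"op": "replace", "path": "/spec/template/spec/containers/1/securityContext/runAsUser", "value": 10001},
		{"op": "replace", "path": "/spec/template/spec/containers/2/securityContext/runAsNonRoot", "value": true},
	])
	count(deny) == 0 with input as fixed
}

test_unencrypted_volume_flagged if {
	# Constructed Terraform input: aws_ebs_volume "data" with no encrypted attribute.
	tf := {"resource": {"aws_ebs_volume": {"data": [{"availability_zone": "us-east-1a", "size": 100}]}}}
	count(deny) == 1 with input as tf
	tf_fixed := json.patch(tf, [{"op": "add", "path": "/resource/aws_ebs_volume/data/0/encrypted", "value": true}])
	count(deny) == 0 with input as tf_fixed
}
```

Save the file as repo_scan_example.rego (name assumed) and run `opa test repo_scan_example.rego -v` to execute the embedded tests offline; to try it on one of your own manifests, run `opa eval -i deployment.yaml -d repo_scan_example.rego 'data.repo_scan_example.deny'`. The container-over-pod precedence is the part worth studying: a pod-level runAsNonRoot: true fixes every container that does not override it, which is why one change at the pod level often clears several rows in the compliance view at once, while an explicit runAsUser: 0 or runAsNonRoot: false on a container still has to be fixed individually.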

Deleting a Repo Scan System

To delete a Repo Scan System complete the following steps.

  1. Log in to Styra DAS.
  2. In Systems select your Repo Scan System.
  3. Click the kebab icon.
  4. Click Delete System. A confirmation dialog box appears.
  5. Type the name of the System to confirm the deletion.
  6. Click Delete.