The SOOS GitHub QuickScan allows you to quickly view any vulnerability or license issues associated with a project/branch in GitHub without needing to make a commit.
Before performing a GitHub QuickScan, you will be required to integrate with your GitHub account, after which you can run a QuickScan against your public or private repositories.
- To configure your GitHub integration to allow auto-scanning with each commit, follow the instructions in the article linked above to learn about Enabling GitHub Webhooks.
To perform a GitHub QuickScan:
- Within the SOOS application, select GitHub QuickScan in the left navigation menu.
- Choose the desired Repository and Branch, then select Scan.
- Note: QuickScans can only be performed on one Repository/Branch combination at a time.
- While the analysis is running, the Recent Scans icon in the left navigation menu will indicate 1 active scan in progress.
- Once the analysis is complete, the scan results will display as a project on the Dashboard.
- If a project already exists for the branch that was QuickScanned, the scan results will be filed under that project.
- If a QuickScan is the first scan for that branch, and a subsequent GitHub webhook scan is performed, the webhook scan results will be filed under the project with matching branch information.
To allow SOOS access for continuous scans of repositories as they are updated, webhooks need to be enabled. To rescan the most recent version of the repository to check for any newly reported vulnerabilities, use the Rescan Now option.
Read about the options for branch scan filter settings in our Configurations article.