The SOOS GitHub QuickScan allows you to quickly view any vulnerability or license issues associated with a project/branch in GitHub without needing to make a commit.
Before performing a GitHub QuickScan, you will be required to integrate with your GitHub account, after which you can run a QuickScan against your public or private repositories.
- To configure your GitHub integration to scan automatically with each commit, follow the instructions in the article linked above on Enabling GitHub Webhooks.
To perform a GitHub QuickScan:
- Within the SOOS application, select GitHub QuickScan in the left navigation menu.
- Choose the desired Repository and Branch, then select Scan.
- While the analysis is running, the Recent Scans icon in the left navigation menu will indicate 1 active scan in progress.
- Once the analysis is complete, the scan results will display as a project on the Dashboard.
- If a project already exists for the branch that was QuickScanned, the scan results will be filed under that project.
- If a QuickScan is the first scan for that branch, and a subsequent GitHub webhook scan is performed, the webhook scan results will be filed under the project with matching branch information.