Prevasio CI/CD Container Security
This topic describes how to set up and use AlgoSec’s Prevasio CI/CD Container Security.
The AlgoSec Prevasio CI/CD Container Security solution provides an extensible security plug-in for development teams' code repositories that performs an automated scan of Docker containers in CI pipelines. AlgoSec Prevasio builds the image, simulates its runtime, and scans it statically and dynamically for security risks. The scan is integrated into the user's GitHub repository CI process.
The action is available only to registered Prevasio users. For the official trial, click here.
The Docker container scan runs each time a Pull Request (in GitHub) is created. The summary of the scan appears in the comments of the Pull Request. For example, one critical risk was found in the code in GitHub:
To see a full report of the scan results, click the link to the full scan report.
Note: You can see a list of your open Pull Requests in Prevasio. The Pull Requests list provides a structured view of the scan details for each open pull request, to help you quickly assess and manage your security findings. See Work with the Prevasio CI/CD Container Security action.
Note: The built-in threat management rules form the basis of the security mechanism used by the CI pipeline in GitHub and are described in Threat Management.
Integrations
The Prevasio CI/CD Container Security integrates with the following:
Category          | Supported
Code repositories | GitHub
CI/CD systems     | GitHub Workflow
Containerization  | Docker
Set up the Prevasio CI/CD Container Security
For admin and advanced users
Important: Your protected branch rules won't be enforced on your private repository until you move to a GitHub Team or Enterprise organization account.
Do the following:
Work with the Prevasio CI/CD Container Security action
For code developers
Once the Prevasio CI/CD Container Security action is set up, it’s ready for use.
The following instructions explain how to use Prevasio CI/CD Container Security in your CI/CD workflow.
Do the following:
- In your dev environment, upload changes to your developer branch in GitHub.
- Click the Pull request tab.
- Click New pull request.
- Set to compare your working branch to your main (protected) branch. Click Create pull request.
- Click View pull request. The Prevasio CI/CD Container Security check runs and the summary of scan results is displayed in the comments section of the Pull Request.
- To view the full report, in the comments section, click Full report. The full report opens in a new browser tab.
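The procedure above relies on a GitHub Workflow that triggers the scan whenever a pull request targets the protected branch. The following workflow is an added example, not part of AlgoSec's documentation; the action reference `<prevasio-action>@<version>`, the secret name PREVASIO_API_KEY and the image tag are placeholders that must be replaced with the values from your Prevasio registration.

```yaml
# Added example: a GitHub Actions workflow that runs the container scan on
# every pull request aimed at the protected main branch.
# PLACEHOLDERS (not taken from the Prevasio documentation):
#   <prevasio-action>@<version>  - the action reference supplied with your Prevasio registration
#   PREVASIO_API_KEY             - assumed name of the repository secret holding the API key
#   app-under-review             - assumed local image tag used for the build
name: Prevasio container scan

on:
  pull_request:
    branches: [main]        # scan only PRs targeting the protected branch

# Least privilege: the job needs read access to the code and write access
# to pull requests so the scan summary can be posted as a PR comment.
permissions:
  contents: read
  pull-requests: write

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build the image under review
        run: docker build -t app-under-review:${{ github.sha }} .

      - name: Run Prevasio CI/CD Container Security
        uses: <prevasio-action>@<version>   # placeholder, replace with your action reference
        env:
          PREVASIO_API_KEY: ${{ secrets.PREVASIO_API_KEY }}   # assumed secret name
```

Pair this workflow with a branch protection rule on main that requires the scan check to pass, so that a pull request with an unresolved critical finding cannot be merged.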
Next steps: