search

Artifact Scan

The Artifact Scan, scans the artifacts from the selected platforms or the configured ones.

This page explains the process of Adhoc Artifact Scan for Amazon Elastic Container Registry (ECR).

  • Before starting with the scan, you need to integrate ECR with the OpsMx platform. Follow the steps provided in Integrating ECRarrow-up-right to complete the process.

  • If ECR data needs to be mapped to a specific team, you need to create the team first. If no team-level segregation is required, skip this step. Follow the steps provided in Managing Teamsarrow-up-right to complete the process.

hashtag
To Access Artifact Scan

  • Click on Scan Now button at the top right corner of the screen.

  • In the screen that appears, select Artifact Scan from the left panel.

  • If the ECR account needs to be associated with a specific team, select the Teams before proceeding else, the ECR account will be added at the organization level.

Now you can Add Project or Upload Project and proceed with the scan.

hashtag
To Add a Project

  • To add or update a new project with artifact scan configurations, click Add Project.

  • The Create Project details page is displayed as shown below. Enter the details for the following fields:

  • Name : Enter a name for the project.

  • Team : Select the desired team from the dropdown menu.

  • Scan Type : The default type is Artifact Scan.

  • Platform : Select the platform type, ECR.

  • Account : Choose the needed account that has been integrated for the selected platform. If no account is available for the selected platform then click Add Account.

    • The integration page is displayed. You can add a new account.

  • Registry: Select the Registry URL from the dropdown menu.

  • Organization / Workspace : Choose the organization or workspace that the selected account has access to.

  • Scan Level : Select the scan level; either organization level or repository level that needs to be scanned.

  • Artifact Configuration : Set the configuration details, and schedule the auto scan time.

  • Artifact Name: Select the artifact name from the dropdown menu.

  • Artifact Tag: Choose one of the three available options based on your requirement: All, Latest , Tags Pattern

circle-info

If All option is selected in Artifact Tag, then all the tags will be displayed in the Tags section.

  • Click Save.

The project gets added for scanning.

hashtag
To Upload a Project

  • To upload a project from your local, click Upload Project.

  • Click Upload File and select the json file you want to add for scanning.

The project gets added for scanning.

hashtag
To Integrate JIRA at Project Level

JIRA can be integrated at project level to create tickets whenever an alert is identified.

  • To integrate JIRA, click the Integrations icon on expanding the project.

  • The JIRA integration page is displayed. Click Add Account and enter the details.

  • Enter the values for the following fields:

    • Account Name - Enter the JIRA account name.

    • Jira Project Key - Enter the name of your Jira project.

    • Jira URL - Enter your Jira host Url

    • Jira Email Id - Enter the username to access Jira.

    • Token - Enter the password / token for the Jira account.

    • Enable Automatically create Jira tickets during the scan to create JIRA ticket to the team owner when the alerts are identified.

    • Trigger Type - Indicates at which level Jira tickets should be created.

      • Create Jira ticket at the Component Alert level - Jira tickets will be created for each individual impacted component.

      • Create Jira ticket at the Deduplication Alert level - A single Jira ticket will be created for all the impacted components.

      • Creation Scope - If Vulnerabilities is selected, Jira is created only for Critical and High alerts. If All Policies is selected Jira is created for all alerts.

    • Enable Assign the Jira ticket to the Team owner if you want to assign the ticket to the team owner.

    • Fields - Enter the labels that need to be added in the created Jira ticket.

    • Values - Enter the values that need to be given in the Jira ticket. The given variables are replaced with actual values when the tickets are created.

    • Status Keyword Mapping - You can set the keywords for the status.

  • Click Test to check if the entered values are valid.

  • Once validated, click Save. The tool is connected.

hashtag
To View and Interpret Scan Results

Once the scan is complete, a confirmation message is updated within the project and OpsMx generates the overall results. They are displayed as shown below:

  • Repos Registered

  • Total Artifact Tags

  • Total Scans

  • Total Projects

  • Auto Scan Enabled Repos

The panel at the bottom displays the project details. On expanding each project you can view the complete details of it.

circle-info

The current status of the scan (completed, pending or failed) is displayed to notify the status of the project.

  • If the scan fails, the error message will be displayed in the project's message section as shown:

  • To edit the configuration details of the project, click the Edit Configuration button.

  • Click the View option in the Action button, to view the SAST and SCA scan results of the project.

  • The results page displays the complete data of the scan details.

    • On clicking the Download button, the scan results are downloaded in .json or .csv format.

    • On clicking Report, the scan results are downloaded in a report format.

    • On clicking Go to Artifact Page, you are redirected to the related artifact page.

PreviousSource ScanNextDast Scan

Last updated