Code-Scan
Last updated
Was this helpful?
Last updated
Was this helpful?
The Code Scan plugin of Devtron allows you to perform the code scanning using Trivy. By integrating the Code Scan plugin into your workflow you can detect common Vulnerabilities, Misconfigurations, License Risks, and Exposed Secrets in your code.
Before integrating the Code Scan plugin, install the integration from Devtron Stack Manager.
Go to Applications → Devtron Apps.
Click your application.
Go to App Configuration → Workflow Editor.
Click New Workflow and navigate to the Build and Deploy from Source Code.
Fill the required fields in the Create build pipeline window and navigate to the Pre-build stage.
If you have already configured workflow, edit the build pipeline, and navigate to Pre-build stage.
Under 'TASKS', click the + Add task button.
Select the Code Scan plugin.
Enter the following with appropriate values.
Enter the name of your task
e.g., Code Scanning
Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task.
e.g., The Code Scan plugin is integrated for scanning the in-code vulnerabilities.
No input variables are required for the Code Scan plugin.
Code Scan will not be generating an output variable.
Click Update Pipeline.