
SCM Configuration

Source Code Management system (Github, Gitlab, Azure DevOps) configuration to work with Q247.

Source Code Management access and credentials

Once the plugin is ready and installed (whether it is a cloud plugin or a private plugin), a business user can start configuring which servers and repositories to analyze.

Configuration is done via Manage Organization → Code Repositories.

Source Code Managers

Below are detailed configuration instructions for each of the supported source code systems.

Configuring Gitlab source code management system

Add a new Gitlab source code management system by clicking Add SCM.

Provide the following configuration data:

  • SCM Name - user-friendly name of the SCM system (e.g. “My Company Gitlab #1”)
  • Plugin - select which plugin will be used to access this source code management system (Cloud Plugin or any configured Private Plugin)
  • SCM API URL - the base URL (usually https with host and port) where the company's source code management system is available. For standard Gitlab installations this is usually https://{hostname}:{port}/api/v4 (e.g. https://gitlab.myorg.com/api/v4). Make sure to preserve the /api/v4 part.
  • Personal access token - a personal access token that can be retrieved from the Customer’s Gitlab server. The following scopes must be configured for the token: api, read_api, read_repository.
  • Username - name of the user whose personal access token will be used to connect to the repository
  • Type - select Gitlab to connect to a Gitlab source code management system.

When the Gitlab configuration is saved, the Enterprise Plugin will receive the newly provided configuration and, after a couple of minutes, will synchronize with the system (provided all configuration values and access tokens are valid). Successful synchronization is indicated by the status being set to Operational.

Configuring Github source code management system

Add a new Github source code management system by clicking Add SCM.

Provide the following configuration data:

  • SCM Name - user-friendly name of the SCM system (e.g. “My Company Github #1”)
  • Plugin - select which plugin will be used to access this source code management system (Cloud Plugin or any configured Private Plugin)
  • SCM API URL - the base URL of the Github REST API. By default this is https://api.github.com
  • Personal access token - a personal access token that can be retrieved from Github. The following scopes must be configured for the token: repo.
  • Username - name of the user whose personal access token will be used to connect to the repository
  • Type - select Github to connect to a Github source code management system.
  • Organization Id - organization id/display name (part of the Github organization URL). When provided, the Github API will be called in “organization” mode (for enterprise accounts); when skipped, private/personal access will be used.

When the Github configuration is saved, the Enterprise Plugin will receive the newly provided configuration and, after a couple of minutes, will synchronize with the system (provided all configuration values and access tokens are valid). Successful synchronization is indicated by the status being set to Operational.

Repositories scanning and analysis

Once a Source Code Management entry is marked as Operational, you can configure which repositories are scanned and when.

Configuration is available via Manage Organization → Code Repositories: select an operational SCM entry and use Manage Repositories.

To enhance security and avoid sharing credentials with our database, you can set them as environment variables. If a private plugin is being used, you can fill in the "Personal Access Token" field in the form $$YOUR_ENV_VAR_NAME (where YOUR_ENV_VAR_NAME is any name you choose for your environment variable).

Afterward, ensure that the same environment variable (YOUR_ENV_VAR_NAME) is configured on the server where the private plugin is installed. The private plugin will automatically read the credentials from that environment variable.
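
A pre-flight check for the values described above, meant to be run on the server that hosts the private plugin; it is an added example, not Q247 code. It confirms that the `$$NAME` variable is actually set, that a Gitlab URL keeps `/api/v4`, and that the token's scopes cover the ones listed for each SCM type. The function names, the accepted variable-name pattern and the https requirement are assumptions of this example, and the granted scopes are supplied by the caller (for instance copied from the token's settings page).

```python
import os
import re
from urllib.parse import urlparse

# Token scopes the page lists for each SCM type.
REQUIRED_SCOPES = {"gitlab": {"api", "read_api", "read_repository"}, "github": {"repo"}}
# The $$YOUR_ENV_VAR_NAME form; the allowed name characters are an assumption.
ENV_REF = re.compile(r"^\$\$([A-Za-z_][A-Za-z0-9_]*)$")


def resolve_token(field_value, environ=os.environ):
    """Return the token for a form value, reading $$NAME references from environ."""
    match = ENV_REF.match(field_value)
    if not match:
        return field_value  # a literal token typed into the form
    token = environ.get(match.group(1), "").strip()
    if not token:
        raise ValueError(f"environment variable {match.group(1)} is unset or empty")
    return token


def check_api_url(scm_type, url):
    """Return the problems found in an SCM API URL (an empty list means none)."""
    problems, parsed = [], urlparse(url)
    if parsed.scheme != "https":
        problems.append("URL is not https, so the token would travel unencrypted")
    if scm_type == "gitlab" and parsed.path.rstrip("/") != "/api/v4":
        problems.append("GitLab URL must keep the /api/v4 suffix")
    return problems


def preflight(scm_type, url, token_field, granted_scopes, environ=os.environ):
    """Collect every problem with one SCM entry; the token value is never returned."""
    problems = check_api_url(scm_type, url)
    try:
        resolve_token(token_field, environ)
    except ValueError as exc:
        problems.append(str(exc))
    gaps = sorted(REQUIRED_SCOPES[scm_type] - set(granted_scopes))
    if gaps:
        problems.append("token lacks scopes: " + ", ".join(gaps))
    return problems


if __name__ == "__main__":
    # Constructed sample: suffix dropped, variable not set, one scope missing.
    for line in preflight("gitlab", "https://gitlab.myorg.com", "$$GITLAB_PAT",
                          ["api", "read_api"], environ={}):
        print("FAIL:", line)
```
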

Source Code Scanning Configuration

To start analysing calories for any repository, the following actions are required:

Repositories

  • select the repository in the list
  • to scan the repository as part of an existing project, select Bulk Operations → Start Scanning to Existing Project
  • to scan the repository as a new project (a new project entry will be created for the organization), select Bulk Operations → Start Scanning to a new project
  • when scanning a repository to an existing project, select which project (from the existing projects in the organization) to scan calories to, and also choose the scanning interval. For a daily interval, also select the appropriate time zone so that scanning runs correctly after midnight (according to the time zone setting).

Start scanning existing project

When scanning a repository to a new project, provide a business name for the project to which calories will be scanned.

In addition, select the appropriate scanning interval. For a daily interval, also select the appropriate time zone so that scanning runs correctly after midnight (according to the time zone setting).

Start scanning new project

After the changes are saved, the repository information will be updated:

  • the interval will be set accordingly (H for hourly, D for daily)
  • the status will be set to OPERATIONAL

The Enterprise Plugin will pick up the newly configured repository, and after a successful scan the repository's Last data scan field will be set to the date of the last successful scan.

Repositories scanned