CI/CD Security

Panoptica's CI/CD capability enables you to scan Infrastructure as Code (IaC) artifacts, and detect security issues, misconfigurations, and exposed credentials earlier in the pipeline, before the code is deployed to your environment. Panoptica assigns scores based on security findings detected, and presents an aggregated security view of your folders and repositories.

In the Panoptica console, navigate to the CI/CD Security tab under Build and Applications to view the IaC artifacts Panoptica is monitoring.

Connect Pipeline

There are two ways to connect your CI/CD pipeline to Panoptica:

  • By adding GitHub repositories, via the +Add Repository button on the CI/CD screen. See GitHub App Repositories for details.
  • By adding GitLab repositories, via the +Add Repository button on the CI/CD screen. See GitLab Group Projects for details.

Supported file types

Panoptica uses KICS to scan your IaC files. You can find the supported file types here:
https://docs.kics.io/1.3.1/usage/technologies/.

Repository View

On the default Repository tab, you'll see a table with all the code repositories you have added to Panoptica.

  • Click the Filter button to narrow the list according to Repository Name, Provider, Owner, Severity, and/or Favorites
  • Use the Search bar to look for all or part of a name or organization.
    To clear the search, delete any text in the field and click Search on an empty field.
  • If you have a large number of repositories, you can configure how many are displayed on each page. This option appears at the bottom of the table.

You can see high-level information about each repository, including a dedicated risk score based on the security findings detected, their severity, and the overall number of files scanned.

Clicking on a repository takes you to a detailed list of the findings for that repository. Here you can see the actual file structure of the repository, with the files and folders on the left side and the findings in each file on the right side. If a folder contains several files, Panoptica aggregates their findings at the folder level.

Your repositories are scanned daily, and we also scan the files changed on every PR and update the file structure and findings accordingly.

Pull Requests

Panoptica maintains a list of all PRs to your default branch, and analyzes their impact on the repository. The list of Pull Requests includes both new findings caused by the PR as well as resolved ones.

Here you can see a list of PRs sorted by when they were merged. You can change the sort order to surface the PRs that introduced the most findings, or the most high-severity findings.

You can also search and filter the list of pull requests. The search matches the PR name, the repository it belongs to, and the user who created it.

Pull Request Details

When clicking on a PR, you can see additional details about the PR.

You can choose between two tabs:

  • A list of new findings introduced in the PR
  • The PR details from the SCM (Source Code Management).

List of Findings
In the list of findings, each PR is related to one or more files that were changed. Panoptica scans all of the related files for findings and compares this to the results of the latest scan to determine the new findings created by this PR, or the ones resolved by it.
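
The comparison described above, as an added example (not Panoptica's own code): a baseline scan of the default branch is compared with a scan of only the files the PR changed, so that findings in untouched files are neither reported as new nor as resolved. The result layout is a constructed, simplified version of a KICS results.json, and the query ids and file names are invented sample values.

```python
"""Compute the finding delta a PR introduces by comparing the files it changed
against the latest baseline scan. Example code, not Panoptica's; the data
layout is a simplified, constructed KICS-style results dict."""
from collections import Counter

# Constructed sample: baseline scan of the whole default branch before the PR.
BASELINE = {"queries": [
    {"query_id": "q-s3-public", "severity": "HIGH",
     "files": [{"file_name": "storage/s3.tf", "line": 12}]},
    {"query_id": "q-sg-open", "severity": "HIGH",
     "files": [{"file_name": "network/sg.tf", "line": 8}]},
]}

# Constructed sample: scan of only the files the PR touched
# (storage/s3.tf was fixed, db/rds.tf was added with two issues).
PR_SCAN = {"queries": [
    {"query_id": "q-rds-no-encrypt", "severity": "MEDIUM",
     "files": [{"file_name": "db/rds.tf", "line": 20}]},
    {"query_id": "q-hardcoded-secret", "severity": "HIGH",
     "files": [{"file_name": "db/rds.tf", "line": 25}]},
]}

# Constructed sample: files listed in the PR diff.
CHANGED_FILES = {"storage/s3.tf", "db/rds.tf"}


def finding_keys(results):
    """Flatten a results dict into {(file_name, query_id): severity}."""
    keys = {}
    for query in results["queries"]:
        for f in query["files"]:
            keys[(f["file_name"], query["query_id"])] = query["severity"]
    return keys


def pr_delta(baseline, pr_scan, changed_files):
    """Restrict both scans to the changed files, then take set differences.
    network/sg.tf is untouched by the PR, so it must not show up as resolved."""
    before = {k: s for k, s in finding_keys(baseline).items() if k[0] in changed_files}
    after = {k: s for k, s in finding_keys(pr_scan).items() if k[0] in changed_files}
    new = {k: s for k, s in after.items() if k not in before}
    resolved = {k: s for k, s in before.items() if k not in after}
    return {
        "new": new,
        "resolved": resolved,
        "changed_files": len(changed_files),
        "files_with_new_findings": len({f for f, _ in new}),
        "new_by_severity": dict(Counter(new.values())),
    }


def example_delta():
    """Run the comparison on the constructed samples."""
    return pr_delta(BASELINE, PR_SCAN, CHANGED_FILES)
```

The returned counts (changed files, files with new findings, resolved findings) match the PR summary fields the console shows; the untouched network/sg.tf finding stays out of both lists.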

PR details
The PR details are from the SCM (Source Code Management). They help you understand the “who, when, and why” of a PR, beyond the findings count, giving you more context when communicating with other teams.

The details include a list of the files changed by the PR, who created the PR, when it was merged, and from which branch.

You can see:

  • The number of changed files.
  • The number of files changed with new findings.
  • The number of findings resolved by this PR.
  • A link to the PR in the SCM.
  • Who the PR was created by.
  • When the PR was merged, if applicable.