CI/CD Posture
Panoptica assesses the security posture of the CI/CD resources you've integrated by scanning them for misconfigurations and risks. The security findings are assigned severity levels and presented on the CI/CD Posture screen, where you can manage and prioritize them. Panoptica also provides details about the findings, as well as guided remediation steps, enabling you to mitigate the security posture risks to your development pipeline.
In the Panoptica console, navigate to the CI/CD Posture tab under Build and Applications to view potential risks to your software supply chain security.
Connect Repositories
In order to scan your CI/CD resources, you first need to integrate them into Panoptica. Select Settings in the navigation pane, and go to the Repositories tab. Click +Add Repository and select your SCM provider.
Panoptica currently supports two SCM providers:
- For detailed instructions on adding GitHub, see GitHub Integration.
- For detailed instructions on adding GitLab, see GitLab Integration.
Security Risks
At the top you will find summary information about the risk filter you are viewing, as well as a widget bar that provides a holistic view of the security findings identified, broken down by severity level. You can also click on these cards, which serve as "quick filters" for the security findings below.
Click the Filter button to narrow the list according to severity, type, and/or issue status. Use the Search bar to help you focus on specific findings that you want to analyze.
The Security Findings table provides a snapshot view of risks identified in your organization and repositories.
Security Findings Details
Clicking on a file name in the Security Findings table pops up a side window that displays additional details about that finding.
The buttons at the top of the overlay window enable specific actions on that finding:
- Click Copy Link to retrieve a URL of a page displaying these details.
Under Description, you will find additional details about the risk, enabling you to dig deeper into the issue and gain a better understanding of how it can impact your security posture. The details under Description include the type of resource (organization or repository), when it was first discovered, and when it was last seen.
The Threat section describes the possible impact of the risk being examined.
Under Remediation you will find the steps required to resolve the issue.
Panoptica scans the repositories you've integrated once a day.