
How to Scan Your Source Code

OpsMx builds its Application, AI context graph and security data fabric from 100+ integrations with industry-leading security and DevOps tools.

Step 1: Start a New Scan

  1. After logging into the application, you will see the main dashboard.
  2. Click the Scan Now button located in the top-right corner of the screen.

Step 2: Select Scan Type and Add a Project

  1. On the “On Demand Scanning” page, select Source Scan from the options on the left.
  2. Click the + Add Project button on the right side of the screen.

Step 3: Configure Your Project

You will now see the “Create Project” form. Fill out the following fields to configure your scan:

  1. Name: Enter a descriptive name for your project so you can easily identify it later.
  2. Team: Select default.
  3. Platform: Choose your code hosting platform from the dropdown menu (e.g., GitHub).
  4. Scan Type: Select whether you are scanning an Organization or a personal User repository.
  5. Account: Select the appropriate account you want to scan from.
  6. Organization / Workspace: Enter the name of the GitHub organization or workspace you wish to scan.
  7. Scan Level:
    • Choose Repository to scan a single, specific repository.
    • Choose Organization/Workspace to scan all repositories within the specified organization.
  8. Repo / Project:
    • If you selected “Repository” as the Scan Level, choose the specific repository from this dropdown.
    • This will default to “All” if you are scanning an entire organization.
  9. Branch: Select which branch(es) to scan. You can choose to scan All Branches, a specific branch like Main, or use a custom pattern.
  10. Branch / Branch Pattern: If you chose to use a pattern in the previous step, enter the branch name or pattern here (e.g., entering “production” will scan all branches containing that word).
  11. Scan Up To: Set a numerical limit for the maximum number of branches to be scanned.
  12. Schedule an Auto Scan: Optionally, you can set a schedule for the project to be re-scanned automatically (e.g., every 30 days). This ensures your results stay up-to-date as your code changes.
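The branch fields in steps 9 to 11 decide which branches are actually scanned, and the "Scan Up To" cap can silently leave branches out. The following is an added illustrative model of those semantics, written for this guide and not OpsMx's own code: it takes a constructed branch list, applies the All Branches / specific branch / pattern choice (pattern matching is substring matching, as in the "production" example above), then applies the cap. The sorted order used before the cap is an assumption; the product's actual ordering is not documented on this page.

```python
"""Model of the branch-selection fields in the Create Project form.

Illustrative example for this guide, not OpsMx code. It reproduces the
semantics the form describes (All Branches, one named branch, or a pattern
that matches any branch containing the text, limited by "Scan Up To") so
you can predict what a given configuration will cover. The sorted ordering
applied before the cap is an assumption.
"""

# Constructed sample branch list, as a repository might expose it.
SAMPLE_BRANCHES = [
    "main",
    "develop",
    "production",
    "production-eu",
    "hotfix/production-cert-rotation",
    "feature/login",
    "release/2.4",
]


def select_branches(branches, branch_choice, pattern=None, scan_up_to=None):
    """Return the branches a project configuration would scan.

    branch_choice: "all", "specific" (exact branch name passed in `pattern`),
                   or "pattern" (substring match, like "production" above).
    scan_up_to:    maximum number of branches to scan, or None for no cap.
    """
    if branch_choice == "all":
        chosen = list(branches)
    elif branch_choice == "specific":
        if pattern is None:
            raise ValueError("a specific branch name is required")
        chosen = [b for b in branches if b == pattern]
    elif branch_choice == "pattern":
        if not pattern:
            raise ValueError("a branch pattern is required")
        chosen = [b for b in branches if pattern in b]
    else:
        raise ValueError(f"unknown branch choice: {branch_choice!r}")

    # Assumption: branches are taken in sorted order so the cap is predictable.
    chosen = sorted(chosen)
    if scan_up_to is not None:
        if scan_up_to < 1:
            raise ValueError("Scan Up To must be at least 1")
        chosen = chosen[:scan_up_to]
    return chosen


def coverage_report(branches, branch_choice, pattern=None, scan_up_to=None):
    """Summarise what a configuration scans and what the cap leaves out."""
    chosen = select_branches(branches, branch_choice, pattern, scan_up_to)
    # Recompute the uncapped set to show which matching branches the limit drops.
    uncapped = select_branches(branches, branch_choice, pattern, None)
    skipped = [b for b in uncapped if b not in chosen]
    return {"scanned": chosen, "skipped_by_limit": skipped}


if __name__ == "__main__":
    # Pattern "production" matches three branches; a cap of 2 drops one of them.
    print(coverage_report(SAMPLE_BRANCHES, "pattern", "production", scan_up_to=2))
```

Run the block to see which branches a pattern plus cap would cover. The `skipped_by_limit` list is the one to watch: any branch there matches your pattern but will not be scanned, so set "Scan Up To" high enough that nothing you care about lands in it.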

Step 4: Save and Start Scanning

Once you have filled out all the necessary fields, click the Save button in the bottom-right corner. Your project will be added to the queue and the scan will begin.

Reviewing Your Scan Results:

Once your scan completes, you can review your results by clicking the View button:


OpenSSF Score:

You will see the OpenSSF Score for the repository that you have scanned:


Static Code Analysis:

Selecting the SAST tab lets you review the Static Code Analysis results for the repository:


SCA Reporting:

License Scan Results:


Code Secrets:


SBOM:
