Customer is a leading CASB (Cloud Access Security Broker) monitoring solution provider.
The client needed a certified GitHub app that would scan IaC (Infrastructure as Code) templates against the security policies defined in the platform whenever a pull request is raised.
- Sacumen developed the certified GitHub app that scans the IaC templates whenever a pull request is raised. Its purpose is to identify insecure configurations in common Infrastructure-as-Code (IaC) templates – for example, AWS CloudFormation templates, Terraform templates and Kubernetes application deployment YAML files.
- The user configures a webhook in GitHub so that the event payload is sent to the app whenever a pull request is triggered.
- The app was written in Java and hosted as a web app that processes the pull-request webhook events sent by GitHub. The app makes the required GitHub API calls to fetch the repository and template details, and REST API calls to the platform to run a full repository scan.
- The user can configure the criteria that determine whether or not a pull request is allowed to be merged.
- Scan results are displayed to the user, and issues are created from the scan results according to the customer-defined criteria.
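As an added example (not the case study's own code, and written in Python rather than the Java the app was built in), the three steps a webhook-driven scanner like this has to get right: verify GitHub's X-Hub-Signature-256 header before trusting a delivery, pull the repository and head commit out of the pull_request event, and apply a configurable merge criterion to the platform's findings. The secret, payload, findings and policy shape are constructed for illustration.

```python
import hashlib
import hmac
import json

# Secret shared with GitHub when the webhook is configured (constructed placeholder).
WEBHOOK_SECRET = b"example-webhook-secret"

# Constructed pull_request event, trimmed to the fields the app needs.
SAMPLE_EVENT_BODY = json.dumps({
    "action": "opened",
    "number": 42,
    "pull_request": {"head": {"sha": "abc123"}},
    "repository": {"full_name": "example-org/example-repo"},
}).encode()

# Constructed scan result in the shape a policy platform might return it.
SAMPLE_FINDINGS = [
    {"severity": "MEDIUM", "rule": "s3-bucket-public-read"},
    {"severity": "HIGH", "rule": "security-group-open-ssh"},
]

def sign_body(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256: HMAC-SHA256 over the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(secret: bytes, body: bytes, signature_header) -> bool:
    """Reject any delivery whose signature is missing or does not match (constant-time compare)."""
    if not signature_header:
        return False
    return hmac.compare_digest(sign_body(secret, body), signature_header)

def extract_pull_request(body: bytes):
    """Repo and head commit from a pull_request event; None for actions the scanner ignores."""
    event = json.loads(body)
    if event.get("action") not in ("opened", "synchronize", "reopened"):
        return None
    return {
        "repo": event["repository"]["full_name"],
        "head_sha": event["pull_request"]["head"]["sha"],
        "number": event["number"],
    }

def merge_allowed(findings: list, policy: dict) -> bool:
    """Customer-defined criteria: block at or above a severity, or above a finding count."""
    order = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
    threshold = order[policy["block_at_or_above"]]
    if any(order[f["severity"]] >= threshold for f in findings):
        return False
    return len(findings) <= policy["max_findings"]
```

Only the raw request body is signed, so the check must run on the bytes as received, before any JSON parsing or re-serialisation.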