Strobes comes with built-in open-source and commercial scan connectors with which you can:
- Perform an ad-hoc scan
- Schedule daily, weekly, and monthly scans
- Trigger a scan remotely by making a cURL request
This article explains how to create a configuration to run an ad-hoc scan or to schedule a scan for a set time.
Usage Flow Instructions
- Log in to Strobes and navigate to the Connectors page
- Click on any of the SAST or DAST connectors. The flow for many of the scan connectors is very similar. This article uses SpotBugs as the example.
- In Step One, enter your Configuration Name, select the Baseline and click Next
About Baseline: The purpose of Baseline is to control the noise in the scan results.
- Strict will log vulnerabilities of all severities into the Strobes platform
- High will only log vulnerabilities of Critical and High severity into the Strobes platform
- In Step Two, provide the necessary details, such as your Git or SVN repository, the Asset with which you want to associate the scan results, the Agent, etc., and click Next.
- You also have the option to schedule a scan based on your business need.
- In Step Three, you have the option to log the scan results into your ticketing platforms and to send scan alerts to your communication tools. Select the appropriate options based on your business need and click Submit.
- You have now successfully created the configuration for SpotBugs. The flow is similar for all the connectors.
- Click on New Scan to initiate an ad-hoc scan, then provide the name of the branch you want to scan, followed by any scanner-specific commands. If you have scheduled the scan, Strobes will trigger it automatically at the scheduled time.
- Once the scan is done, you can view the results.
- You can keep track of the scan status from the Tasks page as well.