Interpret scan results

The Projects page will contain an inventory of all projects added and a high level summary of findings. You can expand on a particular project to view details about vulnerabilities found as well as guidance on how to fix those. For our examples, we will want to configure three integrations:

  1. Source code management with GitHub

  2. Container registry with Amazon Elastic Container Registry (ECR)

  3. Cloud native applications on Kubernetes

Source Code Management

A scan of our Git repository will yield any potential vulnerabilities in our applications open source dependencies.

Container Registry

Scanning container images in our private registry will analyze our base image and provide upgrade recommendations to reduce known vulnerabilities.

Kubernetes

Enabling the Kubernetes integration will provide insights and guidance on fixing security misconfigurations in your deployments.