Import repositories to test | Fluid Attacks Help

Import repositories to test

Import repositories using Open Authorization

After you sign up, Fluid Attacks needs access to your repositories to clone them and start security tests. Through Open Authorization (OAuth), you give Fluid Attacks permission to retrieve and clone your repositories without sharing credentials with Fluid Attacks. That is the recommended method for adding your repositories.

Fluid Attacks' platform only supports OAuth with GitLab, GitHub, Azure and Bitbucket. If your repositories are stored elsewhere, you have to add them manually.

Follow these steps to add one or more repositories using OAuth:

  1. Choose your code repository hosting provider from the following screen. Then click the button below.

    Choose repository to test on the free trial of the Fluid Attacks platform

  2. Sign in to your account on the hosting provider's authentication screen.

    Sign in to your account (GitLab example)

  3. Authorize Fluid Attacks to access your repositories.

    Authorize the Fluid Attacks platform to use your account

  4. Follow the steps to import one or multiple repositories.

    Import repositories to Fluid Attacks with Open Authorization

  5. Click on Start scanning when you are done.

    Start scanning the repository you want to test

When Fluid Attacks' AppSec testing tool finds a security vulnerability, you can see it reported on the platform.

A next thing you can do is invite your team members to sign up to Fluid Attacks, so they can be assigned the remediation of vulnerabilities.

Import repositories manually

If you cannot use OAuth, follow this procedure to add repositories manually:

  1. Choose Add your repository manually from the following screen.

    Import repositories manually to Fluid Attacks

  2. Provide the information requested in this screen:

    Add repository information manually to Fluid Attacks

    The images in steps 3 and 4 show the fields filled out as an example. Depending on your repository, the credentials you need to provide may be an SSH key or a Personal Access Token instead of a username and password. Read the Authentication page for more information.

  3. Click Check access when you are done.

    Check access to repository signing up to Fluid Attacks

  4. Successful access with the provided credentials will enable the Start scanning button. Click on it to start security testing.

    Start scans after adding repository manually signing up to Fluid Attacks