After you sign up, Fluid Attacks needs access to your repositories to clone them and start security tests. Through Open Authorization (OAuth), you give Fluid Attacks permission to retrieve and clone your repositories without sharing credentials with Fluid Attacks. This is the recommended method for adding your repositories.
Fluid Attacks' platform only supports OAuth with GitLab, GitHub, Azure and Bitbucket. If your repositories are stored elsewhere, you have to add them manually.
Follow these steps to add one or more repositories using OAuth:
Choose your code repository hosting provider from the following screen. Then click the button below.
Sign in to your account on the hosting provider's authentication screen.
Authorize Fluid Attacks to access your repositories.
Follow the steps to import one or multiple repositories.
Click on Start scanning when you are done.
When Fluid Attacks' AppSec testing tool finds a security vulnerability, you can see it reported on the platform.
Next, you can invite your team members to sign up to Fluid Attacks, so they can be assigned the remediation of vulnerabilities.
If you cannot use OAuth, follow this procedure to add repositories manually:
Choose Add your repository manually from the following screen.
Provide the information requested on this screen:
The images in steps 3 and 4 show the fields filled out as an example. Depending on your repository, the credentials you need to provide may be an SSH key or a Personal Access Token instead of a username and password. Read the Authentication page for more information.
Click Check access when you are done.
Successful access with the provided credentials will enable the Start scanning button. Click on it to start security testing.