API Workflow for Scanning a Repository
Purpose
This document highlights an alternative way of using the Scan a Repository feature through an API workflow.
The GitHub/GitLab OAuth process used by the Scan a Repository feature has limitations for OSD customers, customers with self-hosted GitHub or GitLab, and customers with a custom URL domain for SD Elements.
API Workflow Steps
1. User obtains an OAuth access token from GitHub or GitLab
GitHub
- GitHub provides a Personal Access Token (PAT) which the user can use as an OAuth access token for the Scan a Repository feature.
- This token must be a Personal Access Token generated as a Classic Token. PATs generated as Fine-Grained Tokens will not work with SD Elements due to insufficient permissions.
- Ensure that the PAT has repository permissions as shown in the following screenshot, as this allows our service to temporarily clone the repositories during the scan.
- For more details on Personal Access Token (Classic), please refer to the GitHub documentation.
GitLab
- GitLab provides an API method through the Resource owner password credentials flow, where users can generate an OAuth access token.
- GitLab's documentation specifies the following requirements for using the Resource owner password credentials flow:
  - Two-factor authentication must be turned off for the GitLab user.
  - The "Allow password authentication for Git over HTTP(S)" checkbox is selected for the GitLab instance.
- A GitLab Personal Access Token cannot be used as a replacement for an OAuth access token for the "Scan a Repository" feature.
- For more details on the Resource owner password credentials flow, please refer to GitLab's documentation.
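The following is an added example, not code from the SD Elements guide, showing two pre-flight checks a practitioner would run before handing a token to step 2. For GitHub it verifies that a classic PAT actually carries the `repo` scope by reading the `X-OAuth-Scopes` header that the GitHub API echoes back for classic tokens (fine-grained tokens do not report classic scopes there, which is one way to catch the wrong token type early). For GitLab it builds and parses the documented Resource owner password credentials request (`POST <gitlab>/oauth/token` with `grant_type=password`). The host names, usernames and sample header values are constructed placeholders; the live network calls are wrapped in separate functions so the parsing logic can be exercised offline.

```python
"""Added example (not part of the SD Elements guide): pre-flight checks for the
two token types described in step 1.

- GitHub: a classic PAT's granted scopes are echoed back by the GitHub API in the
  X-OAuth-Scopes response header; verify the `repo` scope is present before the
  token is used to clone repositories.
- GitLab: the Resource owner password credentials flow is a POST to
  <gitlab>/oauth/token with grant_type=password; build that request and parse
  the JSON reply.

Host names, usernames and the sample values at the bottom are constructed.
"""
import json
import urllib.parse
import urllib.request

GITHUB_API = "https://api.github.com"


def parse_oauth_scopes(header_value):
    """Turn a raw X-OAuth-Scopes value such as "repo, gist" into a set of scopes.
    Fine-grained tokens carry no classic scopes, so a missing/empty header -> empty set."""
    if not header_value:
        return set()
    return {s.strip() for s in header_value.split(",") if s.strip()}


def pat_can_clone_repos(scopes):
    """Cloning private repositories over HTTPS with a classic PAT needs the `repo` scope."""
    return "repo" in scopes


def check_github_pat(pat, api_base=GITHUB_API):
    """Live check (network): call /user with the PAT and inspect the echoed scopes.
    Returns (ok, scopes)."""
    req = urllib.request.Request(
        f"{api_base}/user",
        headers={
            "Authorization": f"token {pat}",
            "Accept": "application/vnd.github+json",
        },
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        scopes = parse_oauth_scopes(resp.headers.get("X-OAuth-Scopes"))
    return pat_can_clone_repos(scopes), scopes


def gitlab_password_grant_request(base_url, username, password):
    """Build the URL and form body for GitLab's resource owner password credentials flow."""
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode()
    return f"{base_url.rstrip('/')}/oauth/token", body


def parse_gitlab_token_response(raw_json):
    """Extract the bearer token from the /oauth/token JSON reply; raise on an error reply."""
    data = json.loads(raw_json)
    if "access_token" not in data:
        raise ValueError(f"GitLab refused the grant: {data.get('error_description', data)}")
    return data["access_token"]


def fetch_gitlab_token(base_url, username, password):
    """Live call (network): perform the password grant and return the access token."""
    url, body = gitlab_password_grant_request(base_url, username, password)
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/x-www-form-urlencoded"}
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return parse_gitlab_token_response(resp.read().decode())


if __name__ == "__main__":
    # Constructed sample values; nothing below touches the network.
    print(pat_can_clone_repos(parse_oauth_scopes("repo, read:org")))    # True
    print(pat_can_clone_repos(parse_oauth_scopes("public_repo, gist")))  # False
    url, body = gitlab_password_grant_request("https://gitlab.example.com/", "alice", "example-password")
    print(url)
```

Because the password grant sends the account password itself in the request body, keep only the returned access token for the later steps and never persist the username/password pair alongside it; the token is what the Auth Integration Connection in step 2 needs.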
2. User creates an Authentication Integration Connection
The user can set up an authentication integration through the Auth Integration Connections API endpoint.
3. User creates a Team Onboarding Connection
The user can set up a Team Onboarding connection through the Team Onboarding Connection API endpoint.
- Alternatively, the user can set up a Team Onboarding connection through the SD Elements UI.
- Please refer to this User Guide link to set up a Team Onboarding connection through the UI: Creating a Repository Connection.
4. User starts a Team Onboarding Scan
The user can start a Team Onboarding scan through the Team Onboarding Scan API endpoint.
- Alternatively, the user can start a Team Onboarding scan through the SD Elements UI.
- Please refer to this User Guide link to start a Team Onboarding scan through the UI: Running a Scan within a Project.