Set up Inline Reviews

You can use the Inline Reviews setting as the remediation type when you want Tenable Cloud Security to add issues to the configured repository for any violations. How inline reviews behave depends on whether you have enabled the webhook for monitoring the repositories.

Before you begin:

The following permissions are required:

  • Admin-level privileges on the repository to enable the webhook.

  • Write access to the repository to enable inline reviews.

To set up inline reviews for your repositories:

  1. Navigate to the Connect to repository page and select the version control workflow.

  2. In the Choose onboarding repositories section, select the repository and click the icon.

  3. In the Advanced settings window, perform the following:

    1. In the IaC Engine Type box, select Terraform or Terragrunt.

    2. (Optional) Click the Enable Webhook toggle to allow Tenable Cloud Security to continuously monitor your repository for any changes.

      If this option is enabled, Tenable Cloud Security continuously monitors the repositories and triggers an automatic IaC scan for any code change in the monitored branch of the repository.

    3. From the Remediation type drop-down list, select the Inline Reviews option.

      The behavior of the Auto-Remediate setting depends on the webhook setting in the previous step.

      • Webhook Enabled — If the webhook is enabled, Tenable Cloud Security continuously monitors the repositories in the project. Whenever there is a code change in the monitored branch (through a pull request, merge, or commit), Tenable Cloud Security triggers an automatic IaC scan. If the IaC scan detects any violations, Tenable Cloud Security adds issues to the monitored branch. Tenable Cloud Security also checks any upcoming pull requests for your monitored branch. If it detects any violations in those pull requests, it adds comments to the pull requests.

      • Webhook Disabled — If the webhook is disabled, you must manually run an IaC scan. If the IaC scan detects any violations, Tenable Cloud Security adds issues to the monitored branch.

    4. Click Save to save the changes.

    Tenable Cloud Security scans the IaC code in the specified repository and then automatically creates issues for any violations found. Each issue includes the line numbers that have the violation.