Connect Repositories

Before Tenable.cs starts monitoring the code in your repositories, you must connect your repositories to Tenable.cs Console. You can connect using one of the following methods:

  • Connect your repository using Azure DevOps, AWS CodeCommit, Bitbucket, GitHub, or GitLab.

  • Connect your repository using a command-line interface (CLI).

Connect to a Repository Using Version Control

Tenable recommends connecting a repository using version control when you want to:

  • Connect to your version control provider, for example, GitHub.

  • Scan your infrastructure as code (IaC).

To connect a repository using version control:

  1. In the left navigation bar, click > Connection > Repository.

    The Connect to repository page appears.

  2. In the Choose a workflow to discover repo(s) section, click Version control (recommended).

  3. Click Continue.

  4. In the Connect to a version control provider section, select one of the following version control system providers:

    A new window appears.

  5. Follow the on-screen instructions to grant Tenable.cs Console access to your repository.
  6. Click Continue.
  7. In the Choose onboarding repositories section, connect to your repositories in one of the following ways:
  8. To connect to all your repositories automatically:

    1. Select the Onboard all repositories automatically check box.

    2. Click Onboard All.

      The Projects & Connections page appears. Tenable.cs creates a separate project for each repository type. For example, the Default Gitlab Repositories contains all GitHub repositories.

      Tenable.cs automatically starts the scan for the onboarded repositories.

    3. Click to refresh and view the status of the scan for each project.

    To connect your repositories manually:

    1. In the list of repositories, select the required repositories.

      Tip: You can search for repositories by their name.

    2. If you want to scan only a particular branch or folder of a repository, click the button next to the repository name.

      The Select branch drop-down box appears.

    3. Select the branch you want to scan.

    4. From the Select Folder check box, select the folders to scan.

    Note: If you do not select the branch for a repository, Tenable.cs uses the default branch with the root folder.

    To add a custom or public repository:

    1. Click Add Custom / Public Repository.

    2. Type the name and folder path of the repository you want to add.

    3. Click Add.

    Note: The file and folder hierarchy structure of the repository depends on the version control provider. For example, Bitbucket and GitLab list the folders first and then the files, whereas GitHub lists the files and folders alphabetically.

    Tenable.cs connects to the repository. For more information about version control providers, see Configure Repository Integrations.

  9. (Optional) To configure advanced settings for a repository:

    1. Select a repository.

    2. In the Advanced settings field, click for the selected repository.

      A window appears.

    3. In the IaC engine type drop-down box, select one of the following engine types:

      • Terraform
      • CloudFormation
      • Application
      • Kubernetes YAML
      • Kustomize YAML
      • Helm Chart
      • Azure Resource Manager

      For more information about IaC engine types, see IaC Engine Types.

    4. In the Select version drop-down box, select the engine version.

    5. In the Auto-remediate settings drop-down box, select an option to indicate how to handle found violations:

      • Auto-remediate: Tenable.cs automatically fixes any violations.
      • Inline reviews: Tenable.cs automatically creats an issue for the violation.
      • None: Tenable.cs takes no action.
    6. To add custom parameters to the repository configuration:

      1. (Optional) For plan-based setup, click the Plan based setup toggle.
      2. In the left drop-down box, select a parameter.
      3. In the text box, type the value for the selected parameter.

      For more information, see Repository Configuration Parameters.

    7. Click Save.

  10. Click Continue.
  11. In the Choose projects to add the repository to section, do one of the following:
    • Add a new project:

      1. Click Add a project.

      2. Enter the name of a project.

      3. Click Add.

    • Select a project from the list of existing projects.

      Tip: You can search for projects by their name.

  12. Click Connect.

    Tenable.cs adds the newly connected repository to the Projects & Connections page.

Connect to a Repository Using the CLI

Tenable recommends connecting a repository using the CLI when you want to:

  • Integrate a command-line interface with a continuous integration / continuous deployment (CI/CD) tool, for example, Jenkins.

  • Run a command-line interface locally to discover resources and violations in an infrastructure as code (IaC) repository.

To connect a repository using CLI:

  1. In the left navigation bar, click > Connection > Repository.

  2. In the Choose a workflow to discover repo(s) section, click CLI driven.

  3. Click Continue.

  4. (Optional) To invite a user to run CLI, in the Invite teammates to run CLI section, select users from the list of users added to Tenable.cs Console.

    Tip: You can search for users by their first name, last name, or email address.

  5. Click Continue.

  6. In the CLI usage instructions section, follow the on-screen instructions.

  7. Click Done.

    Tenable.cs adds the newly connected repository to the Projects & Connections page.