
Establish Your First Connection


This tutorial guides you through connecting your source code management (SCM) system and enabling the default scanners, which is the foundation for everything else you will do on BoostSecurity.


What You'll Accomplish


By the end of this tutorial, you will have:

  • Accepted the terms of service and logged in to the dashboard.
  • Connected your source code management system.
  • Enabled the default CI/CD scanner and, for GitHub, the Dependabot scanner.
  • Reviewed the scans and security findings produced by those scanners.

1. Accept Terms and Login


The first step is accepting the terms of service and logging in to the dashboard. Your organization is provisioned as a tenant on BoostSecurity, and your account details and an invitation are sent to you by email. Accept the terms of service at the bottom of the page, and you will be redirected to the BoostSecurity login page.

Accept Invitation email

Accept Terms of Service

On the login page, enter your BoostSecurity.io Organization Name, then select the account to log in with. Google, GitLab, GitHub, BitBucket, and Microsoft are supported as OAuth identity providers.

Enter Organization Name

Login


2. Welcome to your Dashboard


After a successful login, you are redirected to your dashboard page. It is empty at this point: no data appears until an SCM is connected and the first scans have run.

Dashboard page


3. Connect Your SCM and Retrieve Data


BoostSecurity supports integration with several Source Code Management tools, including GitHub, GitLab, BitBucket, and Azure DevOps.

Note

Before proceeding to Step 4, complete all the steps on the page linked for your Source Code Management (SCM) system. Following the instructions specific to your SCM in full avoids disruptions or errors later in the process.


4. Enable Default Scanner Protection


After connecting your Source Code Management tools, we recommend enabling the CI/CD scanner for every SCM on the Scanner Coverage page.

To do this:

  1. Navigate to the Scanner Coverage page. For each of your SCMs, you will see a column called Default Scanner Protection.

    Enable CI/CD Scanner

  2. Click the column and turn on the toggle Enable the CI/CD scanner for new organizations and repositories.

    Enable CI/CD Scanner

For GitHub, you can also enable the Dependabot scanner by turning on the toggle Enable the Dependabot scanner for new repositories.

GitHub CI/CD


5. View Your Scans


The scanners configured on your GitHub organization through the security checks for CI/CD and Dependabot should already have some scan results. Go to the Scans page to review them.

View Scans


6. Check out the Findings


Once BoostSecurity starts receiving data from the scanners, you can explore the results on the Findings page.

Findings

You can filter and drill down through the findings, focusing on one or more projects (for example, specific GitHub or GitLab repositories) or on findings triggered by a specific scanner rule.

For each finding on this page, you can see:

  • The rule that detected the finding.
  • The file path.
  • The source code lines where it was found.
  • A description, with a link to documentation explaining why this is an issue and how to address it.

Great job! Your organization has been onboarded on BoostSecurity. You have connected your SCM and enabled the CI/CD and Dependabot scanners, and you can now see your security findings.

Info

If you see no findings, don’t worry: it simply means the default policy did not find any significant problems with your repository configuration. The next tutorial, Enable ZTP, looks more deeply at your areas of potential risk.


Next Steps


Proceed to enable Zero Touch Provisioning (ZTP), which allows for deeper scanning and insights.