Code Setup
Last updated
GitHub
Heeler connects to GitHub at the organization level through a GitHub App. The Heeler GitHub App requires the following permissions:
Read-Only Metadata: A mandatory permission for GitHub applications to gather information about the repositories in your environment.
Read-Only Content: Permission to read the contents of repositories in order to run checks and correlate services.
Read and Write Checks: Permission to run checks against Pull Requests and update Check Status upon check completion.
Read and Write Pull Requests: Permission to track the Pull Request process and open pull requests to fix security issues.
Heeler subscribes to the “Pull Request”, “Release”, and “Push” webhook events. These let Heeler process repository changes in real time and manage the pull request workflow.
To install the Heeler GitHub app, you must be an organization owner or have administrative permissions for the repositories you wish to connect to Heeler.
Select Connections -> Code Organizations then select 'Add Code Organization'
You will be redirected to GitHub to authorize the Heeler GitHub App.
Select whether you want Heeler to secure all repositories or limit to a specific set of repositories.
Click Save and that's it, Heeler is now connected to your GitHub repositories.
GitLab
Heeler connects to GitLab at the group level and integrates into GitLab Pipelines to automate the assessment of code and dependencies. The permission scopes required by Heeler are:
GitLab role: Reporter
read_api: A mandatory permission that allows Heeler to gather information about the groups and projects in your environment.
read_repository: A mandatory permission to read the contents of repositories in order to run security analysis and correlate Heeler Services to source code repositories.
Before you start, you need:
A GitLab group with access to the projects you want Heeler to analyze
The ability to create a GitLab group access token (this requires the Owner role on the group)
A group access token created with the scopes above and the Reporter role
Select Connections -> Code Organizations then select 'Add Code Organization'
Enter a name that helps tie the token to the Group
Copy the GitLab group access token into Heeler
After saving the name and token, copy the Installation Token that Heeler displays; you will need it to create the CI/CD variable
Use the Installation Token provided in the Heeler GitLab setup as the value of the variable. The token authenticates the Heeler image to the Heeler platform, so mark the variable as masked (and as protected if the scan only runs on protected branches) so that it is not printed in job logs.
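The permission lists for both connectors above are a least-privilege contract, and the quickest way to confirm an installation still honours it is to compare what the platform reports with the list. The script below is an added example, not Heeler's own code: it takes the JSON that GitHub returns for an App installation (an item of the "installations" list from GET /orgs/{org}/installations) and that GitLab returns for a group access token (an item from GET /groups/{id}/access_tokens) and reports anything missing, insufficient, or in excess of what this page requires. The sample responses are constructed, the fetch helpers and the expiry check are the example's own assumptions, and the token values are placeholders you supply.

```python
"""Least-privilege check for the Heeler GitHub and GitLab connectors.

Added example, not Heeler's code. It compares what GitHub reports for an
App installation, and what GitLab reports for a group access token, with
the permissions this page lists. Sample responses are constructed so the
script runs offline; the fetch helpers call the real REST endpoints.
"""
import json
import urllib.request

# GitHub App permissions from this page, in the form GitHub's installation
# object uses ({"metadata": "read", ...}); webhook events likewise.
GITHUB_REQUIRED_PERMISSIONS = {
    "metadata": "read",
    "contents": "read",
    "checks": "write",
    "pull_requests": "write",
}
GITHUB_REQUIRED_EVENTS = {"pull_request", "push", "release"}
_RANK = {"read": 1, "write": 2, "admin": 3}  # ordering of GitHub permission levels

# GitLab group access token requirements from this page.
GITLAB_REQUIRED_SCOPES = {"read_api", "read_repository"}
GITLAB_REPORTER_ACCESS_LEVEL = 20  # GitLab's numeric access level for Reporter


def check_github_installation(installation: dict) -> list[str]:
    """Findings for one installation object. Empty list means it matches."""
    findings = []
    perms = installation.get("permissions", {})
    for name, need in GITHUB_REQUIRED_PERMISSIONS.items():
        have = perms.get(name)
        if have is None:
            findings.append(f"missing permission: {name}:{need}")
        elif _RANK.get(have, 0) < _RANK[need]:
            findings.append(f"insufficient permission: {name} is {have}, need {need}")
    for name, have in perms.items():
        need = GITHUB_REQUIRED_PERMISSIONS.get(name)
        if need is None:
            findings.append(f"excess permission: {name}:{have}")
        elif _RANK.get(have, 0) > _RANK[need]:
            findings.append(f"excess permission: {name} is {have}, need only {need}")
    events = set(installation.get("events", []))
    if missing := GITHUB_REQUIRED_EVENTS - events:
        findings.append(f"missing webhook events: {sorted(missing)}")
    if extra := events - GITHUB_REQUIRED_EVENTS:
        findings.append(f"excess webhook events: {sorted(extra)}")
    return findings


def check_gitlab_group_token(token: dict) -> list[str]:
    """Findings for one group access token object. Empty list means it matches."""
    findings = []
    scopes = set(token.get("scopes", []))
    if missing := GITLAB_REQUIRED_SCOPES - scopes:
        findings.append(f"missing scopes: {sorted(missing)}")
    if extra := scopes - GITLAB_REQUIRED_SCOPES:
        findings.append(f"excess scopes: {sorted(extra)}")
    level = token.get("access_level")
    if level != GITLAB_REPORTER_ACCESS_LEVEL:
        findings.append(f"access_level is {level}, expected Reporter ({GITLAB_REPORTER_ACCESS_LEVEL})")
    if token.get("revoked") or token.get("active") is False:
        findings.append("token is revoked or inactive")
    if not token.get("expires_at"):  # general token hygiene, not a Heeler requirement
        findings.append("token has no expiry date")
    return findings


def _get_json(url: str, headers: dict):
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=30) as resp:
        return json.load(resp)


def fetch_github_installations(org: str, admin_token: str) -> list[dict]:
    """Needs a token of an organization admin; returns the installations list."""
    data = _get_json(f"https://api.github.com/orgs/{org}/installations",
                     {"Authorization": f"Bearer {admin_token}",
                      "Accept": "application/vnd.github+json"})
    return data["installations"]


def fetch_gitlab_group_tokens(base_url: str, group_id: str, owner_token: str) -> list[dict]:
    """Needs a token with the Owner role on the group; returns its access tokens."""
    return _get_json(f"{base_url}/api/v4/groups/{group_id}/access_tokens",
                     {"PRIVATE-TOKEN": owner_token})


# Constructed sample responses (not a real installation or token).
SAMPLE_GITHUB_INSTALLATION = {
    "id": 1, "app_slug": "example-app",
    "permissions": {"metadata": "read", "contents": "write",  # contents over-granted
                    "checks": "write", "pull_requests": "write"},
    "events": ["pull_request", "push", "release"],
}
SAMPLE_GITLAB_TOKEN = {
    "id": 42, "name": "example-group-token",
    "scopes": ["read_api", "read_repository", "write_repository"],  # write_repository is excess
    "access_level": 30,  # Developer, one level above the Reporter role this page asks for
    "active": True, "revoked": False, "expires_at": "2026-01-01",
}

if __name__ == "__main__":
    for label, findings in (("GitHub", check_github_installation(SAMPLE_GITHUB_INSTALLATION)),
                            ("GitLab", check_gitlab_group_token(SAMPLE_GITLAB_TOKEN))):
        print(label, "OK" if not findings else "\n  " + "\n  ".join(findings))
```

Run against live data by feeding each item of fetch_github_installations() or fetch_gitlab_group_tokens() to the matching check; the GitHub call needs an organization admin's token and the GitLab call a token with the Owner role on the group, which is why both are kept separate from the offline checks.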
Job Config YAML
Add the job configuration to the desired CI/CD pipeline.
Description of jobs
SCA Scan - enumerates packages and their known vulnerabilities; output is written to heeler-sca-scan.json
SAST Scan - scans source code for secrets, PII, and security defects; output is written to heeler-sast-scan.json
OSS Analysis - runs license checks, dependency scorecard, and malicious package analysis; output is written to heeler-oss-results.json
Select the icon from the top navigation