Code Repository

Overview

Once you connect your Source Code Management (SCM) provider, analysis begins immediately. For each repository, you are able to drill down into different views. Specifically:

  • Code Root

  • API Endpoints

  • Code Findings

  • Active Contributors

These views provide insight into how a repository is structured, its interfaces, the security weaknesses in its code, and its code base contributors.

Code Roots

As defined under Welcome to Heeler > Terminology, a Code Root is a logical “entry point” or “service boundary” within a source-code repository. In a multi-service repository, each Code Root identifies a distinct application, microservice, module, or component, along with any configuration parameters it needs in order to build, test, or scan that slice of code in isolation.

Breaking down repositories into Code Roots allows for prioritization, more focused analysis, and remediation.

API Endpoints

API Endpoints lists the method and path of each endpoint, with a link to the applicable Code Root and additional information such as the file location of the endpoint definition, a link to its location in the repository, and when it was first seen.

Code Findings

Code Findings includes the results from Static Application Security Testing (SAST) and Software Composition Analysis (SCA) of your code, with details on the Finding source, severity, confidence of analysis, and number of instances of the Finding.

For each Finding, a drill-down is available to the actual files and line numbers where the Finding is located, with a link to that location in your code repository.

Active Contributors

Active Contributors lists the individuals who have roles related to committing code to the repository, e.g., developers, reviewers, and commenters.
