How-To Guides
Welcome to the DevGuard how-to guides. These practical guides provide step-by-step instructions for common tasks and workflows to help you get the most out of DevGuard.
Scanning
Integrate security scanning into your development workflow:
- Scan OCI Images – Scan container images for security issues.
- Scan Source Code – Perform static analysis on your source code.
- Scan Dependencies – Scan your project dependencies for vulnerabilities.
- Scan with GitHub Actions – Integrate DevGuard scanning into GitHub Actions workflows.
- Scan with GitLab CI – Integrate DevGuard scanning into GitLab CI/CD pipelines.
- Upload SBOM – Upload Software Bill of Materials (SBOM) files to DevGuard.
- Upload VEX – Upload Vulnerability Exploitability eXchange (VEX) documents.
- Scheduled Scans – Configure automated, scheduled security scans.
Vulnerability Management
Manage and track vulnerabilities across your software supply chain:
- CSAF - Common Security Advisory Framework – Work with CSAF security advisories.
- Sync External Vulnerability Data (VeX Ingestion) – Synchronize vulnerability data from external sources.
Dependency Management
Manage and analyze your project dependencies:
- View Dependency Tree – Visualize your project's dependency hierarchy.
- Find Vulnerable Dependencies – Identify dependencies with known vulnerabilities.
- Manage License Compliance – Track and manage software licenses in your dependencies.
- Override License Decisions – Manually override license detection results.
- Search for Components – Search and discover components across your projects.
Integrations
Connect DevGuard with your development platforms:
- Create Webhook – Set up webhooks for real-time notifications.
- Custom Webhooks – Configure custom webhook integrations.
- Webhook Events – Understand available webhook event types.
- Webhook Security – Secure your webhook endpoints.
GitHub Integration
- Auto Setup – Automatically set up GitHub integration.
- Permission Sync – Synchronize permissions from GitHub.
- Setup GitHub Integration – Manual GitHub integration setup.
- Webhooks – Configure GitHub webhooks.
GitLab Integration
- Permission Sync – Synchronize permissions from GitLab.
- Setup GitLab Integration – Set up GitLab integration.
- Webhooks – Configure GitLab webhooks.
Jira Integration
- Connect Jira – Connect your Jira instance.
- Issue Creation – Automatically create Jira issues.
- Sync Status – Synchronize status between DevGuard and Jira.
Security
Enhance the security of your development workflow:
Dependency Proxy
- Dependency Proxy Overview – Use the dependency proxy to intercept and scan packages.
- Setup npm Proxy – Configure the npm dependency proxy.
- Setup PyPI Proxy – Configure the PyPI dependency proxy.
- Setup Go Proxy – Configure the Go dependency proxy.
- Malicious Package Blocking – Block malicious packages automatically.
- Cache Management – Manage the dependency proxy cache.
Supply Chain Security
- Create in-toto Links – Create in-toto attestation links.
- Manage Attestations – Manage supply chain attestations.
- Signing Artifacts – Sign your build artifacts.
- Verify Supply Chain – Verify the integrity of your supply chain.
Access Control
- API Tokens – Manage API tokens for authentication.
- Manage Users – Manage user accounts and permissions.
Compliance
Ensure your projects meet compliance requirements:
- View Compliance Dashboards – Monitor compliance status across your organization.
API Usage
Leverage the DevGuard API for automation and integration:
- Coming soon…
Administration
Learn how to deploy, configure, and maintain your DevGuard instance:
- Deploy with Helm – Deploy DevGuard on Kubernetes using Helm charts.
- Deploy with Docker Compose – Deploy DevGuard using Docker Compose.
- Backup & Restore – Back up and restore your DevGuard data and configuration.
- Monitoring & Metrics – Monitor your DevGuard instance and track key metrics.
- Upgrade DevGuard – Upgrade your DevGuard instance to the latest version.
- Database Maintenance – Maintain and optimize your DevGuard database.
- OIDC/SSO & Restricting Access – Configure authentication and access restrictions.
- Customize the UI – Customize the DevGuard user interface for your organization.
- Uninstalling DevGuard – Remove DevGuard from your system.