How-To Guides

Welcome to the DevGuard how-to guides. These practical guides provide step-by-step instructions for common tasks and workflows to help you get the most out of DevGuard.

Scanning

Integrate security scanning into your development workflow:

• Scan OCI Images — Scan container images for security issues.
• Scan Source Code — Perform static analysis on your source code.
• Scan Dependencies — Scan your project dependencies for vulnerabilities.
• Scan with GitHub Actions — Integrate DevGuard scanning into GitHub Actions workflows.
• Scan with GitLab CI — Integrate DevGuard scanning into GitLab CI/CD pipelines.
• Upload SBOM — Upload Software Bill of Materials (SBOM) files to DevGuard.
• Upload VEX — Upload Vulnerability Exploitability eXchange (VEX) documents.
• Scheduled Scans — Configure automated, scheduled security scans.

Vulnerability Management

Manage and track vulnerabilities across your software supply chain:

• CSAF - Common Security Advisory Framework — Work with CSAF security advisories.
• Sync External Vulnerability Data (VeX Ingestion) — Synchronize vulnerability data from external sources.

Dependency Management

Manage and analyze your project dependencies:

• View Dependency Tree — Visualize your project’s dependency hierarchy.
• Find Vulnerable Dependencies — Identify dependencies with known vulnerabilities.
• Manage License Compliance — Track and manage software licenses in your dependencies.
• Override License Decisions — Manually override license detection results.
• Search for Components — Search and discover components across your projects.

Integrations

Connect DevGuard with your development platforms:

• Create Webhook — Set up webhooks for real-time notifications.
• Custom Webhooks — Configure custom webhook integrations.
• Webhook Events — Understand available webhook event types.
• Webhook Security — Secure your webhook endpoints.

GitHub Integration

• Auto Setup — Automatically set up GitHub integration.
• Permission Sync — Synchronize permissions from GitHub.
• Setup GitHub Integration — Manual GitHub integration setup.
• Webhooks — Configure GitHub webhooks.

GitLab Integration

• Permission Sync — Synchronize permissions from GitLab.
• Setup GitLab Integration — Set up GitLab integration.
• Webhooks — Configure GitLab webhooks.

Jira Integration

• Connect Jira — Connect your Jira instance.
• Issue Creation — Automatically create Jira issues.
• Sync Status — Synchronize status between DevGuard and Jira.

Security

Enhance the security of your development workflow:

Dependency Proxy

• Dependency Proxy Overview — Use the dependency proxy to intercept and scan packages.
• Setup npm Proxy — Configure the npm dependency proxy.
• Setup PyPI Proxy — Configure the PyPI dependency proxy.
• Setup Go Proxy — Configure the Go dependency proxy.
• Malicious Package Blocking — Block malicious packages automatically.
• Cache Management — Manage the dependency proxy cache.

Supply Chain Security

• Create in-toto Links — Create in-toto attestation links.
• Manage Attestations — Manage supply chain attestations.
• Signing Artifacts — Sign your build artifacts.
• Verify Supply Chain — Verify the integrity of your supply chain.

Access Control

• API Tokens — Manage API tokens for authentication.
• Manage Users — Manage user accounts and permissions.

Compliance

Ensure your projects meet compliance requirements:

• View Compliance Dashboards — Monitor compliance status across your organization.

API Usage

Leverage the DevGuard API for automation and integration:

• Coming soon…

Administration

Learn how to deploy, configure, and maintain your DevGuard instance:

• Deploy with Helm — Deploy DevGuard on Kubernetes using Helm charts.
• Deploy with Docker Compose — Deploy DevGuard using Docker Compose.
• Backup & Restore — Back up and restore your DevGuard data and configuration.
• Monitoring & Metrics — Monitor your DevGuard instance and track key metrics.
• Upgrade DevGuard — Upgrade your DevGuard instance to the latest version.
• Database Maintenance — Maintain and optimize your DevGuard database.
• OIDC/SSO & Restricting Access — Configure authentication and access restrictions.
• Customize the UI — Customize the DevGuard user interface for your organization.
• Uninstalling DevGuard — Remove DevGuard from your system.