Configure Repositories in the Dashboard

In this section we’ll demonstrate how to customize the behavior of DryRun Security by creating a Configuration in the Dashboard.

Log in to the DryRun Security portal at https://app.dryrun.security.

Navigate to the Settings > Configuration section.

Configurations

Note: The default configuration is editable and applies to all Repositories that are not included in another configuration.

Click Add new Configuration +

Add New Configuration

Set up the new configuration using the following steps:

  1. Enter a name for the configuration in the box labeled Enter Configuration Name...
  2. Use the selector labeled Select Repositories to choose the Repositories that will use this Configuration.

Note: A Repository can belong to only a single Configuration. Repositories that are greyed out are already included in a different configuration.

Select Repositories

  3. Enable or Disable the DryRun Security Pull Request Comment.

Issue Comment Enabled

  4. Enable or Disable Notifications. If enabled, choose the Integrations that will be applied.

Notifications Enabled

  5. Add a Code Policy by clicking Add Policy + and choosing an option from the dropdown. The Policy Enforcement Agent can run up to 7 code policies per configuration.

Note: To create a Code Policy and make it available for use in a Configuration, follow the steps in Create a Natural Language Code Policy.

Add Policies

  6. Configure the Code Policies:

Configure Policies

  • Enable Blocking to fail the Check in GitHub. You can also set the Risk Level, which can be used along with GitHub Branch Protection Rules to block the merging of a Pull Request (see Configure Blocking for Code Policies below).
  • Enable Silent Mode to prevent results from appearing in the DryRun Security Pull Request comment. Results will still be available in the DryRun Security Dashboard.
  • Choose the Risk Level returned by the Policy when it has Findings. Options are Info, Risky and Fail. This can be used to search across Pull Requests or to trigger Notifications.

  7. Configure the Code Security Agents:

Configure Agents

  • Enable Blocking to fail the Check in GitHub. You can also set the Risk Level, which can be used along with GitHub Branch Protection Rules to block the merging of a Pull Request (see Configure Blocking for Code Policies below).
  • Enable Silent Mode to prevent display of a Check in GitHub. Results will still be available in the DryRun Security Dashboard, but will not show as a GitHub Check.
  • Choose the Risk Level returned by the Policy when it has Findings. Options are Info, Risky and Fail. This can be used to search across Pull Requests or to trigger Notifications.

  8. Click Save.

Configuration Save

Done!

The Configuration will now be used by DryRun Security when it executes in the selected Repositories.

Configure Blocking for Code Policies

Both Natural Language Code Policies and Code Security Agents can be used along with Branch Protection Rules to block merging into a code base. After setting the Code Policies to Blocking, follow these steps to block merges with a Branch Protection Rule.

Set up a Classic Branch Protection Rule

Note: This guide shows the minimum steps needed to use Code Policies and Branch Protection to block a merge (see the GitHub documentation for more details).

On GitHub, navigate to the main page of the repository.

Under your repository name, click Settings.

GitHub Settings

In the Code and automation section of the sidebar, click Branches.

GitHub Branches

Choose Add classic branch protection rule.

GitHub Branch Protection

Under Branch name pattern, type the name of the branch to protect, for example main, as shown below.

GitHub Branch Name

Select Require status checks to pass before merging.

In the search field, search for the DryRun Security status checks to require. Choose Code Policies for Natural Language Code Policies, or the name of the agent for Code Security Agents, for example Secrets Analyzer.

The configuration below shows Code Policies, Secrets Analyzer and SQL Injection Analyzer as required for this Rule.

GitHub Require Checks

Click Create to create and save this Branch Protection Rule.
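The same rule can be applied without the web UI through GitHub's "Update branch protection" REST endpoint. The script below is an added example, not DryRun Security's or GitHub's own tooling: it builds the request body that requires the Code Policies, Secrets Analyzer and SQL Injection Analyzer checks and sends it with the gh CLI. OWNER/REPO is a placeholder, and the check names must match the status check names exactly as GitHub displays them.

```shell
#!/bin/sh
# Added example: apply the branch protection rule from the walkthrough via the
# GitHub REST API (PUT /repos/{owner}/{repo}/branches/{branch}/protection).
# Assumptions: OWNER/REPO is a placeholder; the caller has an authenticated gh
# CLI with admin rights on the repository; check names are spelled exactly as
# they appear in the GitHub checks list.

# Print the JSON body for the branch protection endpoint.
# Usage: protection_body CHECK [CHECK...]
protection_body() {
    contexts=""
    for check in "$@"; do
        # Escape any double quote so the body stays valid JSON.
        escaped=$(printf '%s' "$check" | sed 's/"/\\"/g')
        if [ -z "$contexts" ]; then
            contexts="\"$escaped\""
        else
            contexts="$contexts,\"$escaped\""
        fi
    done
    # strict=true additionally requires the branch to be up to date with the
    # base before merging; the remaining keys are mandatory for this endpoint
    # and are left unset (null) to keep to the minimum rule from the guide.
    printf '{"required_status_checks":{"strict":true,"contexts":[%s]},"enforce_admins":null,"required_pull_request_reviews":null,"restrictions":null}\n' "$contexts"
}

# Send the rule to GitHub.
# Usage: apply_protection OWNER/REPO BRANCH CHECK [CHECK...]
apply_protection() {
    repo="$1"
    branch="$2"
    shift 2
    protection_body "$@" | gh api -X PUT "repos/$repo/branches/$branch/protection" --input -
}

# Example invocation, commented out so sourcing this file has no side effects:
# apply_protection OWNER/REPO main "Code Policies" "Secrets Analyzer" "SQL Injection Analyzer"
```

Once applied, a failing Code Policies, Secrets Analyzer or SQL Injection Analyzer check blocks the merge exactly as the rule created through the UI does.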

Done!

Now, as changes are made to the code base and DryRun Security runs, the Checks will execute and potentially block merging.

When a Natural Language Code Policy has Blocking enabled, it will appear as a single Check in GitHub under the name Code Policies, as shown below.

GitHub Checks Policies

When a Code Security Agent has Blocking enabled, it will appear as a single Check in GitHub with the name of the policy, for example Secrets Analyzer, as shown below.

GitHub Checks Secrets

Click the name of the Check, or choose More details under the ... menu, to see more details about the Status Check.

GitHub Checks Details