See DryRun Security in Action
In this section we describe how DryRun Security runs on a Pull Request and where to see the results. To illustrate, we walk through modifying code in a sample repository and reviewing what DryRun Security reports.
Open a Pull Request
We’ve updated the file analytics.py and opened a Pull Request in an example repository. DryRun Security's Policy Enforcement Agent then immediately runs any user-configured Natural Language Code Policies against the changed code. DryRun Security's Code Security Agents also run against the change and report back with any findings.
You’ll see the results of the analysis in both a summary comment and the Checks area of the Pull Request.
Let's look at each section of the results.
DryRun Security Summary
DryRun Security generates a summary describing any security implications of the change. If there are findings, they are listed below the summary. Click a finding to expand the dropdown and view the finding details.
Policy Enforcement
The Policy Enforcement Agent runs any user-configured Natural Language Code Policies that are set up for the repository, and the result of each policy is reported in this section. In this case there is one Code Policy, which asks the question "Does this code have OWASP security flaws?".
Code Security
The summary also lists any findings from DryRun Security's Code Security Agents. As with policy results, click a finding to expand the dropdown and view its details.
Risk
DryRun Security calculates and assigns a risk level to the change. The risk level can be used to trigger notifications and to search for risky changes in the DryRun Security Dashboard.
GitHub Checks
DryRun Security also posts agent results to the Checks area of the Pull Request. This can be seen on the Pull Request default page or by clicking the Checks tab at the top of the Pull Request page.
Click on a check to see its details, then expand a finding's dropdown to view the finding details. The details include the finding type, description, file name, and a link to the code where the agent found the issue.