See DryRun Security in Action

In this section we’ll describe how DryRun Security runs and where to see the results. To illustrate, we’ll walk through an example of modifying code in a sample repository and reviewing the results.

Open a Pull Request

I’ve updated the file analytics.py and opened a Pull Request in my example repository. DryRun Security will run its analysis and report findings.

[Screenshot: DryRun Security Update File]

You’ll see the results of the analysis in both a summary comment and the Checks area of the Pull Request.

Let's look at each section of the results.

DryRun Security Summary

[Screenshot: DryRun Security Summary Comment]

DryRun Security will generate a summary describing the intent of the change and any security implications of the change. A short summary is shown by default and a more detailed summary can be accessed by clicking Expand for full Summary.

Code Policy

[Screenshot: DryRun Security Code Policy]

The Code Policy section shows the results from any user-configured Code Policies that are set up for the repository. In this case the Code Policy asks the question "Does this code have OWASP security flaws?".

Code Analysis

[Screenshot: DryRun Security Code Analysis]

The Code Analysis section summarizes the results for the DryRun Security Analyzers. Here you can see the Analyzers that reported findings and click on the links in the Findings column for more details.

Riskiness

[Screenshot: DryRun Security Riskiness]

DryRun Security will calculate and assign a Riskiness level to the change. This can be used in the DryRun Security Dashboard to search for changes that need extra attention and to configure Notifications based on the Riskiness level.

GitHub Checks

DryRun Security also posts the Analyzer results to the Checks area on the Pull Request. This can be seen on the Pull Request default page or by clicking the Checks tab at the top of the Pull Request page.

[Screenshot: DryRun Security Checks]

When I click Details next to the SQL Injection Analyzer results, I see the following:

[Screenshot: DryRun Security Checks SQL]

Here I can see any findings for the Analyzer and click the Click for Details link to get more information about the finding.

[Screenshot: DryRun Security Checks Finding]

Note that the details include a description of the finding and why it's an issue, the file name where the finding occurred, and a preview link to the code change that triggered the Analyzer.
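To make the SQL Injection Analyzer finding concrete, here is an added example that is not code from the example repository or from DryRun Security: a constructed stand-in for an analytics module with the query-building pattern such an analyzer flags (user input formatted into the statement text) next to the hardened form that binds the value as a parameter. The table, rows, and function names are assumptions made for the illustration; an in-memory SQLite database keeps it runnable offline.

```python
import sqlite3

# Constructed sample data (hypothetical, not the example repository's real analytics.py).
SAMPLE_EVENTS = [("login", 3), ("logout", 1), ("O'Reilly talk", 2)]


def make_conn():
    """Create an in-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (name TEXT, hits INTEGER)")
    conn.executemany("INSERT INTO events VALUES (?, ?)", SAMPLE_EVENTS)
    conn.commit()
    return conn


def count_events_unsafe(conn, event_name):
    """The pattern a SQL Injection Analyzer reports: input spliced into the SQL text.

    Any quote character in event_name becomes part of the statement itself,
    so the query's structure now depends on untrusted data.
    """
    sql = f"SELECT SUM(hits) FROM events WHERE name = '{event_name}'"
    return conn.execute(sql).fetchone()[0]


def count_events(conn, event_name):
    """Hardened form: the value is passed as a bound parameter, never as SQL text."""
    row = conn.execute(
        "SELECT SUM(hits) FROM events WHERE name = ?", (event_name,)
    ).fetchone()
    return row[0]


def demo():
    """Run both variants on the same input and report how each behaves."""
    conn = make_conn()
    results = {
        "safe_login": count_events(conn, "login"),
        "safe_quote": count_events(conn, "O'Reilly talk"),
    }
    # A perfectly legitimate value containing a quote already breaks the unsafe
    # query: the quote terminates the string literal early and SQLite rejects
    # the rest as a syntax error. The parameterized version handles it correctly.
    try:
        count_events_unsafe(conn, "O'Reilly talk")
        results["unsafe_quote"] = "no error"
    except sqlite3.OperationalError:
        results["unsafe_quote"] = "syntax error"
    return results


if __name__ == "__main__":
    print(demo())
```

The parameterized version is the change a reviewer would expect to see in the Pull Request after a finding like this; the analyzer is looking for the string-formatting shape in `count_events_unsafe`, not for a specific payload.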