Privado-Inc / privado

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
https://docs.privado.ai
GNU Lesser General Public License v3.0
502 stars, 57 forks

docs should include codepipelines #347

Closed RRcwhiting closed 10 months ago

RRcwhiting commented 10 months ago

Is your feature request related to a problem? Please describe.

Most code scan tools (Snyk, SonarCloud, etc.) operate by plugging into code pipelines or using native GitHub/Bitbucket apps.

Describe the solution you'd like

Privado should either:

  1. include examples of code pipeline usage (AWS, Bitbucket, GitHub) to allow customers to run Privado on CI/CD
  2. integrate seamlessly with GitHub/Bitbucket to allow importing repos in a SaaS offering

Describe alternatives you've considered

Competitors, like Securiti.ai

Additional context

Modern development doesn't typically scan on some local box. Scans occur continuously as part of a CI/CD pipeline. Docs not reflecting that seems antiquated.

Competitors to Privado have slick, low-barrier-to-entry dashboards that can import hundreds of repos at once, without configuring anything different about pipelines.

vaibhavantil2 commented 10 months ago

@RRcwhiting - We do have a paid SaaS offering where we have direct integrations with all SCMs like GitHub, GitLab, and Bitbucket. Docs are here for the SaaS offering:

https://help.privado.ai/en/articles/7202164-connecting-github

If you are interested, I can ask the team to reach out for a demo.