Prerequisites
- Admin access to your version control system (GitHub/Bitbucket/GitLab)
- API token from your version control system
- Access to DefendStack Secrets platform
Step 1: Configuring Your Version Control Token
-
Navigate to the Settings page in DefendStack Secrets
https://<app-url>/settings?tab=configuration - Click on Add Version Control
-
From the dropdown menu, select your version control system:
- GitHub
- Bitbucket
- GitLab
-
Enter the following details:
- API Token from your version control system
- Version Control URL
- Click Add Integration to save your configuration
Step 2: Setting Up Webhooks for Real-Time Scanning
- Go to Settings in DefendStack Secrets
- Locate your configured version control system
- Click the three dots (⋮) menu in the right corner
- Select Configure
- Adjust your scanning settings according to your requirements
- Click Create Webhook
-
Return to the configuration page to find:
- Webhook URL
- Webhook Secret
Step 3: Configuring Webhooks in Your Version Control
- Navigate to your version control platform
- Locate the webhooks configuration section
-
Add a new webhook using:
- The Webhook URL from DefendStack Secrets
- The Webhook Secret from DefendStack Secrets
- Save your webhook configuration
Verification and Next Steps
Congratulations! You have successfully:- Connected your version control system to DefendStack Secrets
- Enabled real-time scanning for pull requests and commits
- Explore your assets in the platform
- View security scans
- Monitor security incidents