Getting Started

You can set up and run CodeShield in three steps.

Scan your private or public GitHub repositories

1. SignUp with GitHub

Log in or sign up to CodeShield using your GitHub account.

2. Scan your repository

After signing in with GitHub, you have two options:

1. Scan your own repositories: choose one of your repositories from the list.

2. Scan public repositories: enter the repository name in the search bar, including the / that separates the owner from the repository name.

In both cases you pick the GitHub branch to scan. The results can be shared, and past results remain accessible.

3. Share the Findings

You can also share the scan results with your colleagues using the share feature, available in the bottom right corner of the results page. After clicking the icon, a pop-up for generating a publicly accessible, shareable link appears, and you can copy the link. Anyone who has the link can open the results, including the locations of the vulnerable code, so treat it as sensitive and pass it on only over channels you trust.

Check for Vulnerabilities in the Product Tour

1. Start the Product Tour

To see how CodeShield visualizes scan results, select the option Product Tour and proceed to scan the example project.

2. Select the Example Project

In the overview of GitHub repositories, select the repository serverless-goat-java. It contains a cloud-native application whose infrastructure is defined in AWS SAM or CloudFormation files.

After clicking the “scan” button, CodeShield generates a visualization of the application and checks it for vulnerabilities.

3. Investigating the Findings

After the scan has finished, you can investigate the results in CodeShield’s dashboard. Every node in the graph is linked to its source code; click any node to jump to its definition.

Simply click on a vulnerability in the graph, and jump directly to the vulnerable source code.

4. Investigate the Data Flow

You can quickly analyze which data flows into the vulnerable code and which resources it originates from. To do so, click “Analysis” -> “Root Cause”. This lets you spot whether the vulnerability is exploitable from the outside, for example when the data flowing into the vulnerable function enters through an API Gateway method that has no authorizer configured and can therefore be invoked by unauthenticated callers. The path along which the data flows into the resource is highlighted with red, dashed lines.

You can also check which resources the vulnerability affects. To do so, click “Analysis” -> “Consequences”.
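The question the Root Cause view answers in step 4, whether tainted data enters through an API Gateway method that anyone on the internet can call, can be approximated from the SAM template alone. The script below is an added example and is not CodeShield’s code; it only inspects SAM “Api” events (not HttpApi events, resource policies or API keys) and does no data-flow analysis. The embedded template is a constructed JSON-form SAM template for illustration, not the serverless-goat-java template, and the resource and function names in it are made up.

```python
import json

# Constructed sample SAM template in JSON form (SAM accepts JSON as well as YAML).
# Illustrative only; this is NOT the serverless-goat-java template.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Transform": "AWS::Serverless-2016-10-31",
    "Resources": {
        # Explicit API with no Auth block: every route on it is unauthenticated by default.
        "PublicApi": {"Type": "AWS::Serverless::Api", "Properties": {"StageName": "prod"}},
        # Explicit API guarded by a Cognito authorizer on every route by default.
        "ProtectedApi": {"Type": "AWS::Serverless::Api", "Properties": {
            "StageName": "prod",
            "Auth": {"DefaultAuthorizer": "CognitoAuth", "Authorizers": {"CognitoAuth": {
                "UserPoolArn": "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE"}}}}},
        "ConvertFunction": {"Type": "AWS::Serverless::Function", "Properties": {
            "Handler": "convert.handler", "Runtime": "java11",
            "Events": {"ConvertApi": {"Type": "Api", "Properties": {
                "Path": "/convert", "Method": "post", "RestApiId": {"Ref": "PublicApi"}}}}}},
        "AdminFunction": {"Type": "AWS::Serverless::Function", "Properties": {
            "Handler": "admin.handler", "Runtime": "java11",
            "Events": {"AdminApi": {"Type": "Api", "Properties": {
                "Path": "/admin", "Method": "get", "RestApiId": {"Ref": "ProtectedApi"}}}}}},
        # Event-level override that switches the authorizer off for one route.
        "HealthFunction": {"Type": "AWS::Serverless::Function", "Properties": {
            "Handler": "health.handler", "Runtime": "java11",
            "Events": {"HealthApi": {"Type": "Api", "Properties": {
                "Path": "/health", "Method": "get", "RestApiId": {"Ref": "ProtectedApi"},
                "Auth": {"Authorizer": "NONE"}}}}}},
        # No RestApiId: lands on the implicit API, whose auth comes from Globals.Api.Auth
        # (absent here, so the route is open).
        "StatusFunction": {"Type": "AWS::Serverless::Function", "Properties": {
            "Handler": "status.handler", "Runtime": "java11",
            "Events": {"StatusApi": {"Type": "Api", "Properties": {
                "Path": "/status", "Method": "get"}}}}},
        # Not internet-facing via API Gateway; ignored by the check.
        "WorkerFunction": {"Type": "AWS::Serverless::Function", "Properties": {
            "Handler": "worker.handler", "Runtime": "java11",
            "Events": {"Queue": {"Type": "SQS", "Properties": {
                "Queue": "arn:aws:sqs:us-east-1:123456789012:jobs"}}}}},
    },
})


def effective_authorizer(event_props, template):
    """Resolve the authorizer guarding one SAM Api event, following SAM precedence:
    an event-level Auth.Authorizer wins; otherwise the DefaultAuthorizer of the
    referenced AWS::Serverless::Api applies; an event without RestApiId uses the
    implicit API, governed by Globals.Api.Auth. Returns None if the route is open."""
    event_auth = event_props.get("Auth") or {}
    if "Authorizer" in event_auth:
        return None if event_auth["Authorizer"] == "NONE" else event_auth["Authorizer"]
    rest_api_id = event_props.get("RestApiId")
    if isinstance(rest_api_id, dict) and "Ref" in rest_api_id:
        api = template.get("Resources", {}).get(rest_api_id["Ref"], {})
        api_auth = api.get("Properties", {}).get("Auth") or {}
    else:
        api_auth = template.get("Globals", {}).get("Api", {}).get("Auth") or {}
    default = api_auth.get("DefaultAuthorizer")
    return None if default in (None, "NONE") else default


def unauthenticated_entry_points(template_text):
    """Return sorted [(function_name, 'METHOD /path'), ...] for every API Gateway
    route that reaches a Lambda function without any authorizer."""
    template = json.loads(template_text)
    findings = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Serverless::Function":
            continue
        events = resource.get("Properties", {}).get("Events") or {}
        for event in events.values():
            if event.get("Type") != "Api":
                continue  # SQS, S3, schedules etc. are not direct internet entry points
            props = event.get("Properties") or {}
            if effective_authorizer(props, template) is None:
                route = f"{props.get('Method', 'any').upper()} {props.get('Path', '/')}"
                findings.append((name, route))
    return sorted(findings)


if __name__ == "__main__":
    for function_name, route in unauthenticated_entry_points(SAMPLE_TEMPLATE):
        print(f"{route} -> {function_name}: reachable without an authorizer")
```

Run against the sample, the check reports /convert, /health and /status as open entry points and leaves /admin alone. A finding in a function that sits behind one of the open routes is the situation the Root Cause view highlights with red, dashed lines; the same finding behind the Cognito-protected route still matters, but an attacker first needs a valid token.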

Last modified November 27, 2020