Importing repositories to Flow
Repositories are the heart of Mixeway Flow, serving as the foundation for all scanning processes. The solution is designed to seamlessly integrate with your code repositories, providing a robust way to ensure continuous security and compliance throughout your development lifecycle.
Supported Git Platforms
Mixeway Flow currently supports importing repositories from both GitHub and GitLab. You can import repositories in two primary ways:
- Single Repository Import:
By specifying the URL address of a specific Git project, you can directly import that individual repository into Mixeway Flow. This method is ideal when you want to focus on a particular project or need fine-grained control over which repositories are included. - Bulk Import via Git Host Address:
If you want to bring in multiple repositories at once, you can provide the host address of your Git instance (e.g.,https://gitlab.com
orhttps://github.com
). Mixeway Flow will automatically detect and allow you to select multiple repositories for import from that instance. This is particularly useful for larger teams managing numerous projects.
Team-Based Repository Assignment
Each repository in Mixeway Flow is associated with a specific team. A repository can only be part of a single team at any given time, ensuring clear ownership and management. Before importing a repository, ensure that it is correctly assigned to the appropriate team to maintain proper organizational alignment and resource allocation.
Registering a Repository
To register a repository within Mixeway Flow, you need to provide the following details:
- Git Instance or Project URL: This is either the address of the Git instance (for bulk imports) or the specific URL of the repository.
- Access Token: Mixeway Flow requires an access token with sufficient permissions to perform actions on the repository. This includes the ability to:
- Clone the repository for scanning purposes.
- Comment on merge requests to provide feedback on vulnerabilities or issues found during the scanning process.
- Create issue tickets for any security concerns or compliance violations that need to be addressed.
By ensuring the access token is correctly configured, Mixeway Flow can seamlessly integrate into your development workflow, providing continuous scanning and feedback on your projects.
Initial Scanning Process
Once a repository is successfully registered in Mixeway Flow, an initial scan is triggered automatically. This scan is conducted on the default branch detected during the initialization process. The scanning ensures that the security and compliance posture of the repository is evaluated from the very start.
The default branch, typically the main
or master
branch, will be scanned for any vulnerabilities or issues, laying the foundation for ongoing security assessments throughout the development lifecycle.