What does the SCW Trust Agent do?
SCW Trust Agent gives you visibility into the commit health of your code repositories. It captures all the programming languages in use, identifies all of the developers contributing code, and analyzes their language-specific secure code knowledge and skills.
How does it work?
SCW Trust Agent connects to your code repositories to inspect code commits. It looks at the metadata for every commit, capturing the programming language, the developer that merged the code, and the timestamp. It then looks at the submitting developer’s secure coding skill level in that specific language and rates the health of the commit based on policy criteria. Admins can configure these policies, making them more or less restrictive based on the overall sensitivity of the project or repo.
What needs to be connected for it to work?
SCW Trust Agent connects to your Git-based source code management tools in order to analyze commit data of the repositories you configure. A variety of methods are available for connecting, and these are described here.
What Git source code management tools are supported?
All Git-based source code management tools are supported, including popular platforms such as GitHub, GitLab, Bitbucket and Azure Repos.
Do I have control over what repositories are inspected?
You have full control over which repositories are inspected by SCW Trust Agent. Depending on the connection method selected, repositories can either be individually specified at each sync or selected during initial configuration.
What data is uploaded?
The primary data collected by SCW Trust Agent includes:
- Commit hash for uniquely identifying individual commits
- Committer and author name for display purposes
- Committer and author email address for matching Git environment identities against Secure Code Warrior learner identities
- Commit timestamp for determining whether the configured training had been completed at the time of the code commit
- List of modified file extensions and/or associated programming languages for determining whether the configured training had been completed in the appropriate language
For detailed information, please see this article.
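To make the field list above concrete, the following added example (not Secure Code Warrior code, and not how the product is implemented) parses `git log` style output into just those fields and checks whether training in each touched language was complete at commit time. The sample log, the extension-to-language map, the learner records, and the choice to match on the author email are all constructed assumptions.

```python
"""Added illustration: the commit metadata fields listed above and a
training-at-commit-time check. Not Secure Code Warrior code."""
from datetime import datetime
from pathlib import PurePosixPath

# Constructed sample, shaped like the output of:
#   git log --name-only --format='%x01%H%x1f%an%x1f%ae%x1f%cn%x1f%ce%x1f%cI'
SAMPLE_LOG = (
    "\x01" + "a" * 40 + "\x1fAda Example\x1fada@example.com"
    "\x1fAda Example\x1fada@example.com\x1f2024-03-02T10:15:00+01:00\n"
    "\nsrc/app.py\nsrc/util.py\nREADME.md\n"
    "\x01" + "b" * 40 + "\x1fBob Example\x1fbob@example.com"
    "\x1fCI Bot\x1fci@example.com\x1f2024-01-10T08:00:00-05:00\n"
    "\nweb/index.js\n"
)

# Hypothetical extension-to-language map and learner records (assumptions).
LANGUAGES = {".py": "python", ".js": "javascript"}
DONE_AT = datetime.fromisoformat("2024-02-01T00:00:00+00:00")
TRAINING_DONE = {  # learner email -> {language: completion time}
    "ada@example.com": {"python": DONE_AT},
    "bob@example.com": {"javascript": DONE_AT},
}

def parse_log(text):
    """Yield one dict per commit holding only the fields listed above."""
    for record in filter(None, text.split("\x01")):
        header, _, files = record.partition("\n")
        sha, an, ae, cn, ce, when = header.split("\x1f")
        exts = {PurePosixPath(f).suffix.lower() for f in files.split("\n") if f}
        yield {"hash": sha, "author": (an, ae), "committer": (cn, ce),
               "time": datetime.fromisoformat(when), "extensions": exts}

def untrained_languages(commit, training=TRAINING_DONE):
    """Languages touched by the commit whose training the author had not
    completed at commit time. Unknown authors count as untrained.
    Matching on the author email is an assumption of this example."""
    done = training.get(commit["author"][1].lower(), {})
    langs = {LANGUAGES[e] for e in commit["extensions"] if e in LANGUAGES}
    return sorted(l for l in langs if l not in done or done[l] > commit["time"])

def report(text=SAMPLE_LOG):
    """Map short commit hash -> languages lacking completed training."""
    return {c["hash"][:7]: untrained_languages(c) for c in parse_log(text)}

if __name__ == "__main__":
    print(report())
```

Note that only file extensions are derived from the changed paths; file contents are never read, which matches the metadata-only scope of the list above.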