Configuring a Policy for Scan Engine
- In the CloudGuard portal, navigate to Assets > Environments (or Workload Protection > Containers Assets > Environments), click Add and select ShiftLeft Environment.
- In the ShiftLeft Onboarding wizard that opens, enter these details:
  - Environment Name
  - Environment Description (optional)
  - Organizational Unit (optional)
- Configure a Service Account by one of these methods:
  - Select an existing Service Account with its corresponding API Key.
  - Enter a Service Account manually.
  - Click Add Service Account to create a new account.
- Click Next.
- Select one of the operating systems to run the program on:
  - Windows
  - Linux
  - macOS
- Download the correct version of the program based on your host architecture.
- Click Next.
- Copy the commands from the wizard and paste them into the terminal. Run the commands to set up the downloaded executable file. For more information, see Scan Engine Installation.
Note - If you decide to store your data on a non-US CloudGuard data center, then you must set the value of the environment variable SHIFTLEFT_REGION based on your data center. For region codes, see Connectivity.
- The summary page informs you that the environment onboarding is complete. Click Finish.
The new environment page opens. It contains the name, the description (if provided), and the CloudGuard ID that CloudGuard assigns to the environment. You must use this ID later when you initiate assessment with the Scan Engine.
The instructions for downloading and setting up the Scan Engine are available on the ShiftLeft environment page. Open the page and click Read Instructions.
The ShiftLeft tool scans source code, containers and serverless functions, looking for vulnerabilities including those associated with the Log4j tool. This tool alerts the security and DevOps teams if any vulnerabilities are detected in the pre-build phase, ensuring that vulnerable code is not deployed.
- Navigate to Workload Protection > Vulnerabilities > Policies.
- Click Add Policy.
- In the Create New Policy window, select ShiftLeft for Platform and click Next.
- For Environments, select the environment that you created and click Next.
- For Rulesets, select one or more Image Assurance rulesets and click Next.
- For Notifications, select one or more notifications, or click Add Notification to create a new notification.
  Note - No notifications are required for ShiftLeft, so you can use the default CloudGuard notification.
- Click Save.
The new policy is ready, and you can start Scan Engine Installation.