Source Code View
For each application whose code is analyzed and results are tracked by ShiftLeft, the Dashboard allows you to view the source code location where ShiftLeft identified a vulnerability.
In other words, ShiftLeft can provide URLs that take you directly to the specific source code lines where the vulnerability occurs.
Background
By default, if you run ShiftLeft from a directory that's also a Git repository, ShiftLeft will automatically attempt to read the URL of the remote contained in the Git metadata. The UI uses this URL to build the source code hyperlinks.
However, if you are:
- Running ShiftLeft from a directory that's not a Git repository
- Using a version control system that does not follow the URL conventions of GitHub, GitLab, or Bitbucket
you can create a custom integration to enable source code linking and viewing.
Configuring the Version Control Integration
You can configure your Version Control Integration using an application's Settings page.
To get to the Settings page, select the Application you want to work with from the Applications View. Then, using the left-hand navigation sidebar, click the Cog icon.
To integrate your version control system with ShiftLeft, provide the URL to your application's source code. ShiftLeft provides a series of templates, based on the version control system you use, to help you properly format the URL.
VCS | Template |
---|---|
GitHub | https://github.com/{USER}/{NAME}/blob/{BRANCH}/{PATH}/{file_path}#L{line_from}-L{line_to} |
GitLab | https://gitlab.com/{USER}/{NAME}/blob/{BRANCH}/{PATH}/{file_path}#L{line_from}-L{line_to} |
Bitbucket | https://gitlab.com/{USER}/{NAME}/blob/{BRANCH}/{PATH}/{file_path}#L{line_from}-L{line_to} |
Custom | https://{DOMAIN}/{USER}/{NAME}/{BRANCH}/{PATH}/{file_path}#L{line_from}-L{line_to} |
Once you've provided the URL to your source code, click Save VCS URL.
You can change the URL or see the templates again at any time by clicking Edit URL after the initial configuration.
At this point, your Data Flow information contains active hyperlinks that lead to the location of each identified vulnerability in the source code.
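
A pre-flight check for the URL you enter on the Settings page, as an added example (not ShiftLeft code). It assumes the uppercase placeholders are the ones you fill in yourself and the lowercase `{file_path}`, `{line_from}` and `{line_to}` are left for ShiftLeft to substitute; the https and host checks, the function names and the sample host are choices of this example.

```python
import re
from urllib.parse import quote, urlsplit

# Assumption: lowercase placeholders stay in the saved URL and are filled per finding;
# uppercase ones ({USER}, {NAME}, ...) must be replaced by you before saving.
RUNTIME_FIELDS = {"file_path", "line_from", "line_to"}
PLACEHOLDER = re.compile(r"\{([A-Za-z_]+)\}")


def check_template(template):
    """Return a list of problems found in a VCS URL template (empty list = OK)."""
    problems = []
    parts = urlsplit(template)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.netloc or "{" in parts.netloc or "@" in parts.netloc:
        problems.append("host is missing, templated, or carries credentials")
    found = set(PLACEHOLDER.findall(template))
    for name in sorted(found - RUNTIME_FIELDS):
        problems.append("unfilled placeholder {%s}" % name)
    for name in sorted(RUNTIME_FIELDS - found):
        problems.append("missing runtime placeholder {%s}" % name)
    return problems


def render(template, file_path, line_from, line_to):
    """Expand the runtime placeholders to preview the link for one finding."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    values = {
        # Percent-encode spaces, '#' and '?' so they cannot cut the path short.
        "file_path": quote(file_path.lstrip("/"), safe="/"),
        "line_from": str(int(line_from)),
        "line_to": str(int(line_to)),
    }
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)


if __name__ == "__main__":
    # Constructed values: host, repository and file names are placeholders.
    tpl = "https://git.example.internal/acme/shop/main/{file_path}#L{line_from}-L{line_to}"
    print(check_template(tpl))
    print(render(tpl, "src/app/Login Controller.java", 42, 47))
```

Running `check_template` on the unmodified Custom template from the table reports the templated host and each uppercase placeholder that still needs a value.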