Set up AI security review
To set up AI security review, you need to complete the following tasks:
- Ensure that the GitHub App is installed and configured properly.
- Configure a scan profile for AI security review.
- Enable the security review finding policy.
- Configure an action policy if you want to get comments on your GitHub pull request with the details of the AI security review.
GitHub App Configuration
Install the GitHub App if you don’t have it already. See GitHub App for more information.
Ensure that you enable the following settings:
- Pull Request Scans: Allows Endor Labs to scan pull requests. This setting is required; AI security review cannot run on a pull request without it.
- Pull Request Comments: Allows Endor Labs to comment on a pull request in GitHub. This setting is optional; enable it if you want a comment on your GitHub pull request with the details of the AI security review. You also need to select Pull Request Comments in your scan profile and set up an action policy for the comment to be posted.
Configure scan profile for AI security review
Create a scan profile for AI security review and configure the following options:
- Pull Request Scans: Mandatory. This setting allows Endor Labs to scan the pull requests.
- Pull Request Comments: Optional. This setting allows Endor Labs to comment on a pull request in GitHub.
- AI Security Review Scans: Mandatory. This setting allows Endor Labs to scan the pull requests for AI security review.
- Disable Code Summary: Optional. This setting allows you to disable the code summary for the AI security review.
- Custom Prompt: Optional. You can enter a custom prompt to modify how AI security review detects and categorizes security-related changes.
After you create the scan profile, assign the scan profile to the projects for which you want to set up AI security review.
See Scan Profiles for more information on creating a scan profile.
Enable finding policy for AI security review
Ensure that the Security Review policy is enabled under finding policies.
- Select Policies & Rules from the left sidebar.
- Select Finding Policies.
- Search for Security Review and ensure that the policy is enabled.
Configure action policy for pull request comments
If you want to get comments on your GitHub pull requests, you need to set up an action policy.
- Select Settings from the left sidebar.
- Select Action Policies.
- Click Create Action Policy.
- Select Security Review as the Policy Template.
- Choose the severity threshold to trigger the AI security review. You can choose from the following severity thresholds:
  - Any
  - Low
  - Medium
  - High
  - Critical
- Select Pull Request as the Branch Type.
- Choose Enforce Policy as the action, and select Warn or Break the Build depending on your preference.
- Configure include and exclude patterns for the policy.
- Name the policy and provide a description.
- Enter tags if required for the policy.
- Click Create Action Policy to save the policy.
See Action Policies for more information on setting up an action policy.