Skip to main content
McAfee Enterprise MVISION Cloud

Create an On-Demand Scan for DevOps

On-Demand Scans for DevOps run scans of policies against templates, allowing you to resolve security issues before deploying.

To create an On-Demand Scan for DevOps:

  1. Go to Policy > On-Demand Scan.
  2. Click Actions > Create a Scan.
  3. Click DevOps Templates. Enter a Name for the Scan, an optional Description, and then choose a Service Instance that contains the templates you'd like to scan. Click Next.

    DevOps Scan 1.png
  4. In the Select Policies page, click Next.

    DevOps Scan 1 half.png
  5. In the Configure Scan page, choose the following:
    • For AWS scans:
      • Under Buckets to Scan, select:
        • Use a Predefined Dictionary to choose an option from the dictionaries defined in your account. 
        • Manually Enter Buckets and then type a comma-separated list of buckets that contain the CloudFormation or Terraform templates.
      • For Accounts, choose to scan All Accounts or specific ones.
      • Click Next.
        DevOps Scan 2.png
    • For Azure scans:
      • Storage Accounts to Scan
        • Select Use a Predefined Dictionary to choose an option from the dictionaries defined in your account
        • Manually Enter Storage Accounts and then type a comma-separated list of accounts.
      • Blob Containers to Scan:
        • Use a Predefined Dictionary
        • Manually Enter Blob Containers and type a comma-separated list of Blobs to include in the scan that contain the Azure Resource Manager or Terraform templates.
      • Subscription to Scan, choose All Subscriptions, or select Subscriptions to Include or Exclude.
    • Click Next
      DevOps Azure Scan 3.png
  6. For Schedule Scan, choose an option from the Frequency menu:
    • None (On-Demand Only). Creates the Scan, but does not set a schedule to automatically run the scan.
    • Daily. Runs the scan each 24 hours.
    • Weekly. Runs the Scan once every seven days.
      DevOps Scan 3.png
  7. Click Next.
  8. In the Review & Activate page, look over the settings you've chosen for the scan. You can edit any options that need to be changed. Once you're happy with the Scan, click Save.

    DevOps Scan 4.png

The scan is added to the On-Demand Scan page so you can run it.

  • Was this article helpful?