Skyhigh Security

Create an On-Demand Scan for DevOps

On-Demand Scans for DevOps evaluate your templates against config audit policies, so you can resolve security issues before deploying and ensure compliance with those policies.

To create an On-Demand Scan for DevOps:

  1. Go to Policy > On-Demand Scan.
  2. Click Actions > Create a Scan.
  3. On the General Info page, click DevOps Templates. Configure the following:
    • Name. Enter a name for the scan.
    • Description (Optional). Enter the description. 
    • Service Instance. Choose a Service Instance that contains the templates you'd like to scan.
  4. Click Next.
  5. On the Select Policies page, click Next.
  6. On the Configure Scan page, the options shown depend on the Service Instance you selected on the General Info page:
    • For AWS scans:
      • Under Buckets to Scan, select:
        • Use a Predefined Dictionary to choose an option from the dictionaries defined in your account.
        • Manually Enter Buckets and then type a comma-separated list of buckets that contain the CloudFormation or Terraform templates.
      • Accounts to scan. Choose All Accounts to scan or select Specific Accounts to Include or Exclude from the scan.
      • Click Next.
    • For Azure scans:
      • Storage Accounts to Scan:
        • Use a Predefined Dictionary to choose an option from the dictionaries defined in your account.
        • Manually Enter Storage Accounts and then type a comma-separated list of accounts.
      • Blob Containers to Scan:
        • Use a Predefined Dictionary
        • Manually Enter Blob Containers and type a comma-separated list of Blobs to include in the scan that contain the Azure Resource Manager or Terraform templates.
      • Subscription to scan. Choose All Subscriptions to scan, or select Subscriptions to Include or Exclude from the scan.
      • Click Next.
    • For GCP scans:
      • Buckets to Scan:
        • Use a Predefined Dictionary to choose an option from the dictionaries defined in your account.
        • Manually Enter Buckets and type a comma-separated list of Buckets to include in the scan that contain the Terraform templates.
      • Projects to scan. Choose All Projects to scan or select Specific Projects to Include or Exclude from the scan.
      • Click Next.
  7. On the Schedule Scan page > Frequency, select the required frequency to execute the scan from the menu:
    • None (On-Demand Only). Creates the scan, but does not set a schedule to automatically run the scan.
    • Daily. Runs the scan every 24 hours.
    • Weekly. Runs the scan once every seven days.
  8. Click Next.
  9. On the Review & Activate page, review your settings for the On-Demand Scan. You can edit any options that need to be changed. Once you have reviewed and modified the scan, click Save.

The scan is added to the On-Demand Scan page so you can run it.
