Connect a project and run the first SCA analysis

Context

The first practical step in CodeScoring.SCA is to connect a repository as a VCS project and wait for the first SCA analysis. This scenario uses GitLab as an example, but the overall flow is the same for other supported version control systems: create the connection, create the project, and wait for the first analysis.

What you will get

After completing this scenario, you will have a connected project in CodeScoring with the first completed SCA analysis. The project page will show the initial results, and scan history will contain metadata for the run if you need to verify branch and commit details.

Requirements

Before you start, make sure you have:

  • access to the GitLab repository;
  • a GitLab account that can create a Personal Access Token;
  • access to CodeScoring with the "VCS: adding repositories" and "Projects: creating projects" permissions;
  • a CodeScoring license with the SCA module enabled.

Steps

Step 1. Create a GitLab access token

CodeScoring uses this token to read the repository content during analysis.

  1. Sign in to your GitLab account.
  2. Open Edit profile.
  3. In the left menu, open Access Tokens.
  4. Set a token name, for example codescoring-demo.
  5. In the scopes section, enable read_api and read_repository.
  6. Click Create personal access token.
  7. Copy the generated token and store it securely.

The token is now ready to be used in the GitLab connection settings in CodeScoring.

Step 2. Add a GitLab connection in CodeScoring

At this step, GitLab becomes available to the platform as a source of code for future analysis runs.

  1. In CodeScoring, go to Settings -> VCS.
  2. Click Add.
  3. Fill out the connection form:
    • Name — a clear connection name, for example GitLab main;
    • Connection type — HTTPS;
    • Type — Gitlab;
    • Address — the GitLab address, for example https://gitlab.com;
    • Access token — the token created in the previous step.
  4. Click Check connection.
  5. If the check is successful, click Add.

After a successful connection check, the GitLab connection can be selected when creating projects.

Step 3. Create a VCS project

Now you can add the repository itself to CodeScoring and immediately trigger the first SCA run after cloning.

  1. Go to Settings -> Projects.
  2. Click Create and open the VCS projects tab.
  3. Fill out the project form:
    • Repository — the GitLab repository URL;
    • VCS — the GitLab connection created in the previous step;
    • Name — the project name in CodeScoring.
  4. Keep the Run SCA after cloning option enabled.
  5. Click Create.

Once the project is saved, CodeScoring starts cloning the repository and then launches the first SCA analysis automatically.

Step 4. Wait for the first analysis to finish

During the first run, the platform downloads the source code and builds the initial view of project dependencies and vulnerabilities.

  1. Open the project page.
  2. If needed, monitor progress in Settings -> Audit log.
  3. Wait until the analysis is complete.

When the analysis finishes, the project page starts showing SCA results.

Step 5. Check the analysis results

At this point, confirm that the project has really been analyzed and that the results are already usable.

  1. Open the SCA tab on the project page.
  2. Check that analysis results are already visible on the tab.
  3. If needed, open SCA scan history to verify that the latest run has the success status.
  4. Open the latest run by its start date and check that the results include:
    • the number of detected dependencies;
    • the number of detected vulnerabilities;
    • VCS metadata, including the branch and commit SHA.

At this stage, the project is connected to the platform and the first SCA results are ready for review.

Result

The scenario is complete if you can:

  • open Settings -> VCS and confirm the GitLab connection is present;
  • open Settings -> Projects and confirm the project exists;
  • open the project page and confirm that SCA results are already visible;
  • if needed, open SCA -> SCA scan history and verify that the latest run finished with success.

After that, the project is ready for dependency review, vulnerability analysis, and policy setup.

What next

After the first analysis, the next common steps are:
