yadda ake haɗa rassan a github, soke haɗa github, github reshe

Ƙirƙiri Reshe a GitHub kuma Haɗa Lafiya

Koyon yadda ake ƙirƙirar reshe a GitHub shine mataki na farko. Duk da haka, ƙwarewa kan yadda ake haɗa reshe a GitHub lafiya yana da matuƙar muhimmanci ga kowane reshe. GitHub tsarin aiki. Don haka, a cikin wannan rubutun, za mu yi muku jagora ta hanyar dukkan tsarin, farawa da yadda ake ƙirƙirar reshe a GitHub sannan ya nuna muku yadda ake haɗa rassan a GitHub lafiya. Za mu kuma yi bayani game da yadda ake soke haɗin gwiwa idan kun sami wata matsala, kuma a ƙarshe, yadda Xygeni zai iya taimaka muku gano kowace matsala kafin ta shiga babban reshen ku.

Bari mu yi tafiya a kai mataki-mataki.

1. Yadda Ake Ƙirƙiri Reshe a GitHub Ta Hanyar Da Ta Dace

Kowace hanyar aiki mai aminci tana farawa ne lokacin da ka ƙirƙiri reshe a GitHub. Yana bawa masu haɓakawa damar ware fasaloli, gyare-gyare, ko gwaje-gwaje ba tare da yin tasiri ga lambar samarwa ba.

Don ƙirƙirar reshe a GitHub:

1. Je zuwa wurin ajiyar ku

2. Danna jerin zaɓin reshen

yadda ake haɗa rassan github, soke haɗa github da reshe github

3. Rubuta sunan sabon reshen ku

4. Danna Ƙirƙiri reshe

yadda ake haɗa rassan github, soke haɗa github da reshe github

Daga nan, sabon reshen ku a shirye yake ya fara aiki. Yanzu zaku iya tura lambar, kuyi aiki tare akan canje-canje, sannan daga ƙarshe ku buɗe pull requestKo da yake wannan aikin GitHub ne na asali, yana shirya matakin ci gaba mai aminci.

Abu mafi mahimmanci, duk lokacin da ka ƙirƙiri reshe a GitHub, ya kamata ya zama wani ɓangare na tsarin aiki mai maimaitawa da kariya.

2. Yin hoto Pull Requests Ta atomatik Kafin Haɗawa

Idan ka ƙirƙiri reshe a GitHub kuma ka shirya don bita, mataki na gaba shine fahimtar yadda ake haɗa rassan a GitHub lafiya. Kowane reshe na GitHub ya kamata ya fara duba ta atomatik. Amma kafin haɗawa, yana da mahimmanci Tabbatar cewa lambar ba ta gabatar da rauni ba. Mutum ɗaya mara aminci commit iya fallasa aikace-aikacenku, leak secrets, ko karya muhimman kayayyakin more rayuwa.

Haɗa lambar zuwa babban reshen ku aiki ne mai matuƙar tasiri. Idan ba a yi cikakken bincike ba, zai iya haifar da mummunan sakamako kamar:

Nan ne Xygeni ke yin babban canji

Ta amfani Ayyukan GitHub, za ka iya ƙara Ana duba Xygeni ta atomatik duk lokacin da mai haɓaka ya buɗe pull request a cikin reshe mai kariya. Reshe mai kariya a GitHub shine wanda ke buƙatar takamaiman bincike ko amincewa kafin a ba da izinin haɗuwa da canje-canje.

Xygeni yana nazarin aiwatar da sabon aikin pull request aikace-aikace don tabbatar da yanayin tsaro na canje-canjen da aka gabatar. Wannan ya haɗa da duba matsaloli a cikin rikodin, abubuwan da suka shafi sirri, abubuwan da suka shafi sirri, da kuma CI/CD jeriBa a sake duba cikakken reshen ba, amma sakamakon aikin da aka samu kwanan nan ana amfani da shi don aiwatar da manufofi da kuma toshe haɗakar da ba ta da aminci.

Waɗannan na'urorin daukar hoto suna tabbatar da cewa lambar tana da tsaro kuma a shirye take don samarwa. Suna gano:

Hadin kai waɗannan binciken da wuri suna tabbatar da hakan cewa duk lokacin da ka ƙirƙiri reshe a GitHub kuma ka shirya haɗuwa, za ka yi da shi cikakken gani da sarrafawa.

Ga wani tsari mai sauƙi:

on:   pull_request:     branches: [ main ] jobs:   xygeni-scan:     runs-on: ubuntu-latest     steps:       - name: Checkout         uses: actions/checkout@v3       - name: Xygeni Scanner         uses: xygeni/xygeni-action@3.2.0         with:           token: ${{ secrets.XYGENI_TOKEN }}

3. Toshewar Rashin Tsaro Ya Haɗu da Guardrails

Guardrails, tabbatar da cewa lokacin da ka ƙirƙiri reshe a GitHub ko ka yi ƙoƙarin haɗa rassan a GitHub, canje-canje masu aminci ne kawai za su isa ga babban saitin GitHub ɗin reshe. Xygeni yana ba ka cikakken iko akan abin da za a haɗaZa ka iya ayyana precisƙa'idodi da aka tsara don manufofin tsaron ku da kuma juriyar haɗari. Misali:

  • Toshewa idan wani sirri ne mai mahimmanci an samo (misali, maɓallan AWS, alamu)
  • Kasa ginawa idan wani sabon babban haɗari An gabatar da kunshin bude tushen
  • Karyata pull requests cewa gyara hanyoyi masu mahimmanci kamar .github/workflows/, infrastructure/, ko secrets.env
  • Hana haɗuwa idan wani sake dawo da raguwar darajar kasuwa da aka sani vulnerabilities
  • Block CI/CD canje-canje a cikin tsari sai dai idan an yi masa lakabi da kyau
  • Dakatar da haɗuwa idan SAST yana gano babban ko batutuwa masu mahimmanci
  • A shafa mai tsauri Guardrails a kan rassan samarwa yayin da ake kiyaye sassauci a cikin ci gaba

Waɗannan ƙa'idodi suna aiki a matsayin masu tsaron ƙofa ta atomatik. Suna taimaka wa ƙungiyar ku ta haɗa abin da ke da tsaro kawai, babu abin mamaki, babu sake dubawa da hannu, babu kashe gobara a minti na ƙarshe.

Misali dokar tsaron hanya:

guardrail block_critical_secrets   on secrets   when severity = critical   then @fail()

Ra'ayin gani a cikin Dashboard

yadda ake haɗa rassan github, soke haɗa github da reshe github

Domin tabbatar da cikakken gani, Xygeni ya nuna sakamakon sabon kimantawa na matsayin Guardrail.

  • Na farko, alamar kore tana nufin duk manufofin da aka zartar.
  • Da bambanci, alamar ja tana nuna cewa an karya sharuɗɗan tsaro ɗaya ko fiye.

Sakamakon haka, masu haɓaka software da ƙungiyoyin tsaro suna samun fahimtar dalilin da yasa aka toshe haɗin gwiwa, ba tare da tono cikin rajistar CI ba.

Misali na Hakika daga cikin Dashboard:

Misali, Bari mu ce ma'ajiyar bayanai ba ta da rassan da aka kare, wani kuskuren tsari na gama gari wanda ke bawa masu haɓakawa damar tura commitba tare da tabbatarwa ba. Wannan babban haɗari ne.

Xygeni yana gano wannan ta atomatik kuma yana nuna shi azaman sanya hannu_commits batun da ke ƙarƙashin CI/CD category. The dashboard karin bayanai:

  • Tsanani: high
  • type: Sa hannu Commits
  • Ƙarin bayani: Ma'ajiyar ba ta da rassan da aka kare
  • Status: Bude

Saboda haka, tare da wannan ra'ayi mai cike da mahallin, ƙungiyoyi za su iya gano haɗarin cikin sauri, su fahimci tasirinsa, kuma su ɗauki matakin gyara, duk daga Xygeni UI.

Keɓance Ɗabi'ar Tilasta Aiki

Kullum kana da iko. Zaɓi yadda ya kamata Guardrails ya zama:

  • --fail-on=critical: Block ya haɗu ne kawai akan manyan abubuwan da aka gano
  • --never-fail: Run Guardrails a cikin yanayin busasshiyar hanya don gwada manufofi kafin aiwatarwa

Don haka lokaci na gaba da ka ƙirƙiri reshe a GitHub, naka Guardrails suna nan, suna kare naka pipeline da kuma aiwatar da manufofinka ta atomatik.

Ta Yaya Zan Sani Idan Manhajar GitHub Tana da Lafiya?

Koyi yadda ake kimanta GitHub Apps kafin shigar da su.

Karatu mai danganta:

4. Soke Haɗawa a GitHub Ta atomatik Idan An Gano Haɗari

Idan aka gano haɗari, za a soke haɗin. Wannan kariya tana kare kowane reshe na aikin GitHub kuma tana aiwatar da mafi kyawun ayyuka kan yadda ake haɗa rassan a GitHub.

Xygeni yana haɗuwa kai tsaye cikin UI na GitHub. Idan aka sami haɗari:

  • GitHub ya nuna cewa an gaza duban a matsayin wanda ya gaza
  • Kariyar GitHub tana hana haɗakarwa
  • Jerin haɗin ya tsallake lambar da ba ta da tsaro

Ko sirri ne, ko CVE, ko kuma mai haɗari CI/CD tsari, sakamakon iri ɗaya ne: An soke haɗin a GitHub kuma an yi masa alama don yin bita.

Hakanan zaka iya duba cikakkun sakamako a cikin Xygeni:

  • Matsayin tsaro na kowane reshe
  • Me yasa aka toshe haɗin gwiwa
  • Cikakken tarihin duba
  • Ana nuna matsayin layin tsaro ta hanyar gumakan kore (wucewa) ko ja (faɗuwa) a shafin aikin

Wannan ra'ayin gani yana sauƙaƙa wa masu haɓakawa da ƙungiyoyin tsaro su ɗauki mataki cikin amincewa. Kuma idan kuna buƙatar zurfafan mahallin, kowace matsala tana da alaƙa da takardu masu tsanani, alamomi, wurin da ake bi, da kuma jagorar rage tasirin.

Haɗa Tldr Kawai Abin da ke da aminci

A taƙaice, ga yadda ake haɗa su lafiya bayan kun ƙirƙiri reshe a GitHub:

  • Ƙirƙiri reshe a GitHub ta hanyar UI
  • Shigar da scan ta atomatik a kowane lokaci pull request tare da Xygeni 
  • Toshe haɗin da ba shi da tsaro ta amfani da Guardrails
  • Yi amfani da manufofin binciken ɓangaren uwar garken don zurfafa iko
  • Soke haɗin gwiwa a cikin GitHub idan wani abu ya gaza
  • Yi tunanin duk sakamakon da aka samu a Xygeni's dashboard

Don ƙarin mafi kyawun ayyuka kan kariyar ma'ajiyar ajiya, karanta mu Tambayoyin da ake yawan yi game da Tsaron GitHub: Abin da Ya Kamata Kowane Mai Haɓakawa Ya Sani.

Duk da cewa haɗakarwa aiki ne na asali, yin hakan cikin aminci yana buƙatar ainihin gani da sarrafa kansa. Tare da Xygeni, ba wai kawai haɗa lambar ba ne, har ma haɗa aminci.

Kare Kowane Reshen GitHub da Kwarin gwiwa

Wani matsala da aka manta da ita a cikin wani pull request na iya yin illa ga babban reshen ku. Na'urorin daukar hoto na gargajiya galibi suna yin latti, suna rasa manyan haɗari, ko kuma sun kasa aiwatar da manufofi masu ma'ana.

Shi ya sa kare rassan GitHub ɗinku yana buƙatar fiye da kawai duba bayanai.

Xygeni yana ba da cikakken aiwatarwa. Lokacin da pull request hari kan wani reshe mai kariya, Xygeni yana nazarin sabon aiwatar da ku CI/CD tsarin aiki. Ba ya sake duba dukkan reshen. Madadin haka, yana kimanta sakamakon da ya gabata don duba matsalolin tsaro a cikin lambar, abubuwan da suka dogara da su, sirri, da tsarin aiki. Ba wai kawai an sanar da kai ba. Ana kare ka.

Me ya bambanta:

  • Tabbatar da cikakken mahallin: Guardrails aiwatar da manufofi ta amfani da mahallin da ya dace kamar tsananin, amfani da bayanai, da kuma bayanan reshe.
  • Haɗin GitHub da aka gina a ciki: Komai daga scanning zuwa aiwatarwa yana gudana ne a cikin tsarin aikin GitHub ɗinku, ba tare da buƙatar rubutun al'ada ko lambar manne ba.
  • Binciken gefen uwar garken: Gefen uwar garken Guardrails tabbatar da sakamakon bayan lodawa, ƙara Layer na biyu na iko a waje da pipeline.

Maimakon dogara ga tsarin CI ɗinku don kama komai, Xygeni yana amfani da tsarin sarrafa kansa, bisa ga manufoficisions kafin komai ya isa babban reshen ku.

Duk da cewa haɗakarwa aiki ne na yau da kullun, yin hakan cikin aminci yana buƙatar ainihin gani da sarrafa kansa. Tare da Xygeni, ba wai kawai kuna kare wurin ajiyar ku ba, kuna kare kowane reshe na GitHub da kwarin gwiwa.

kayan aikin nazarin kayan aikin sca-tools-composition
Fifiko, gyara, da kuma kare haɗarin software ɗinka
Sami Asusunka Kyauta.
Babu katin bashi da ake bukata.

Tabbatar da Haɓaka Software da Isarwarka

tare da Xygeni Product Suite