Take a deep dive into Code Risk Analyzer, a component of IBM Cloud Continuous Delivery, with a newly available IBM Cloud toolchain tutorial.
Developers use Code Risk Analyzer to discover vulnerabilities in their Python, Node.js, and Java applications and in their operating system stacks (base image). Code Risk Analyzer integrates the comprehensive security coverage and rich threat intelligence provided by Snyk and other sources to help developers automatically find, prioritize, and fix vulnerabilities in open-source dependencies and containers, early in their workflow.
Securely develop a Kubernetes app
In the new tutorial, you will learn how to use IBM Cloud Continuous Delivery to create an open toolchain that includes Git Repos and Issue Tracking, a Tekton-based delivery pipeline, and Code Risk Analyzer. You will then build a secure Node.js application and deploy it to your Kubernetes cluster on the IBM Cloud, including scanning your repository for open source vulnerabilities. These are the steps:
- Create a new toolchain using a toolchain template that includes a git repository and two delivery pipelines — one to build and deploy the app and another to automatically scan your repository when a new merge request is submitted.
- Modify your app and create a merge request. You will see how your Tekton-based delivery pipeline automatically picks up the merge request on commit and uses Code Risk Analyzer to scan the app.
- Explore Code Risk Analyzer and see the results of the scan in your merge request.
- Merge your request and deploy your app to your Kubernetes cluster.
Watch the tutorial demo video
More resources and getting started
Code Risk Analyzer is included as part of IBM Cloud Continuous Delivery and is available in the IBM Cloud Dallas (US-South) region.