NShiftKey-doc

NShiftKey is meant to be used in conjunction with GitHub. Installing the NShiftKey app on a GitHub repository completes the setup, and the repository is then continuously monitored. Static analysis is performed automatically whenever a pull request occurs.

A static analysis by NShiftKey (including open source analysis) is performed periodically when a pull request occurs.


Contents

  1. Installation
  2. How to perform security analysis
  3. Analysis report
  4. Features
  5. Uninstallation

Installation

Caution! If you select “All repositories”, NShiftKey is applied to all repositories in the organization.

If you cannot find the repository, search by the repository name.

In some cases, security-checker installation may require approval from the organization owner.

How to install NShiftKey, by use case

[CASE 1]

Only one repository

[CASE 2]

Using a forked repository and analyzing every pull request to the main repository

Caution: To perform opensource vulnerability scanning on a forked repository, you also need to install the app on the forked repository. (If the app is not installed in the forked repository, opensource vulnerability scanning is performed on the main repository.) For more information, please refer to “Target branch of Opensource vulnerability scanning”.

[CASE 3]

Using a forked repository and analyzing the forked repository internally


How to perform security analysis

NShiftKey provides three types of security vulnerability analysis: source code static analysis, web page dynamic analysis, and opensource library analysis. Once NShiftKey is installed, it is easy to perform the above analyses.


Source code static analysis
Opensource library analysis


Analysis report

| Type of analysis            | Reporting channel         |
|-----------------------------|---------------------------|
| Source code static analysis | Check tab of Pull Request |
| Opensource library analysis | Check tab of Pull Request |

Report of source code static analysis
Report of opensource library analysis


Features

  1. If a reported security vulnerability is an already known issue, the Ignore Warning feature lets you exclude it from the next analysis.
  2. The Customizing Setting feature lets you set the level of vulnerabilities to detect and the analysis scope of the project. It also lets you exclude unwanted rules.
  3. You can configure the analysis to cover only modified files.

Uninstallation