Unified Language User Guides
iCR User Guide 5.0
iCR User Guide 5.0
  • Table of contents
    • Introduction
    • Overview
    • Authorizing Access to Your Source Code
      • Authenticating GitHub Cloud Access Using OAuth
      • Authenticating GitHub Cloud Access Using PAT
      • Authenticating GitHub Enterprise Access Using OAuth
      • Authenticating GitHub Enterprise Access Using PAT
      • Authenticating GitLab Cloud Access Using OAuth
      • Authenticating GitLab Cloud Access Using PAT
      • Authenticating GitLab Enterprise Access Using OAuth
      • Authenticating GitLab Enterprise Access Using PAT
      • Authenticating Bitbucket Cloud Access using OAuth
    • Using the Navigator
      • Connecting to the Navigator
      • Setting your User Password
      • Updating your User Information
      • The Navigator top banner
      • The Analysis Engine status
      • Selecting Your Source Code
        • Using a cloud-based VCS
        • Selecting your branch
        • Using a private VCS
        • Using a local project
        • Limiting the files to be analyzed
      • Integrating with your bug tracking system
        • Integrating with Jira - Define Your Project
        • Integrating with Jira - Authorizing Access for iCR
        • Integrating with Jira - Connecting with iCR
    • Using the Analysis Engine
      • Initiating an analysis
      • Monitoring the analysis
      • Interrupting the analysis
    • Reviewing your results
      • Reviewer summary and filters
        • Filter by Severity
        • Filter by Category
        • Filter by CWE
        • Filter by OWASP
        • Filter by Directory
      • Reviewing a fix
      • Accepting a fix
        • Accepting a fix when integrated with your bug system
      • Rejecting a fix
        • Rejecting a fix when integrated with your bug system
      • Undoing a fix
        • Undoing a fix when integrated with your bug system
      • Rejected fix history
      • Providing feedback
      • Applying the fixes
      • Cases needing manual attention
      • Comparing Analyses
      • Capturing results for printing or sharing
      • Ending a reviewer session
    • When you are complete
    • Integrating iCR Into Your CI/CD Workflows
      • Jenkins Workflow
        • Installing the plugin
        • Configuring the plugin
          • Creating a Personal Access Token
          • Copying Your Repository's URL
        • Viewing the Results
      • GitHub Actions Workflow
        • GitHub Actions Overview
        • Preparing the GitHub Workflow
          • Environment Variables
          • User Supplied Secrets
          • Setting the User Defined Secrets Values
        • Executing the Workflow
      • GitLab CI/CD Workflow
        • GitLab CI/CD OverView
        • Configuring the GitLab Script variables
          • Environment Variables
          • User Supplied Variables
          • Creating a Personal Access Token
          • Setting the User Defined Variable Values
        • Executing the Workflow
      • Multiple Workflows
    • Appendix – Language Specific Fixer Lists
    • Appendix - Sample Bug Listing
    • Appendix - Getting a BitBucket App Password for JENKINS
Powered by GitBook
On this page
  1. Table of contents

Authorizing Access to Your Source Code

Most developers use a tool to manage the archiving and versioning of their source code. Such systems are referred to as Version Control Systems (VCS).

Thankfully, the industry has standardized over the years to models based upon Git. “Git was originally authored by Linus Torvalds in 2005 for development of the Linux kernel.” Since then, systems based upon Git have become prominent in the industry. These include GitHub, GitLab and Bitbucket. iCR is designed to work with all three of these industry leading Version-Control Systems (VCS), and before iCR can analyze your source code, it needs to be authorized to access your VCS repositories.

GitHub, GitLab are offered with 2 distinct deployment models. There is the cloud version in which a developer’s source code is stored in the cloud using servers provided by the VCS itself. iCR also supports Bitbucket in this cloud deployment model. A developer logs into the cloud service and then gains access to their personal projects.

A similar service is available for private deployments for GitHub and GitLab. In these cases, an “enterprise” version of GitHub or GitLab is acquired by the developer and installed within their development network. In these cases, a developer still must authenticate with the VCS in order to gain access to their source code.

One of the key features of iCR is that using it does not require you to expose your source code outside of your own development team. So how does iCR gain access to your source code? iCR offers 2 methods for code authorization.

The first method is to have each user of iCR configure a Personal Access Token or PAT into iCR. The PAT is a secure method unique to each developer which authorizes the developer to access all of their projects.

The second method uses the industry standard protocol: OAuth.

From Wikipedia: “OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.”

Both PAT and OAuth modes of authorization are used for both cloud-based and privately deployed instances of GitHub, GitLab and Bitbucket. The setup is slightly different for each modes and each VCS. They will be explained individually in the following pages.

PreviousOverviewNextAuthenticating GitHub Cloud Access Using OAuth

Last updated 5 months ago