In addition to monitoring your cloud configuration, Accurics also scans the Infrastructure as Code files in your code repository. When you remediate a policy violation found in your code repository, Accurics helps by opening a Jira ticket with the pull request for a file that fixes the issue and by mapping the violation back to the source code.
Currently, Accurics integrates with GitHub, Bitbucket, and GitLab. Accurics also integrates with hosted source code repositories that sit behind your enterprise firewall.
Perform the following steps to integrate Accurics with code repositories such as GitHub, Bitbucket, or GitLab.
- Step 1: Authorize Accurics to Access Your Repositories
- Step 2: Select the Terraform Repository
- Step 3: Entering TF Plan Input Variables as Part of the Configuration Steps
- Step 4: Terraform State file information
Step 1: Authorize Accurics to Access Your Repositories
Select your repository provider and click “Connect”. This example uses GitHub. Accurics uses OAuth 2.0 for authorization. Click on “Authorize Accurics-Inc”.
This operation adds an Accurics app to your GitHub account with “READ ONLY” privileges.
You can revoke the authorization at any time by going to your GitHub account and clicking on the settings section.
Step 2: Select the Terraform Repository
Once you have authorized Accurics to access your SCM account, do the following in the Select your repository section:
- Select the appropriate engine type and click the Select button
- In the Repository Contents dialogue, select the target repository and folder as shown in the screenshot below.
Note: By selecting the On-premises/Custom Repository checkbox, you can also specify a custom repository URL and folder name in the SCM.
- Click Submit
Step 3: Entering TF Plan Input Variables as Part of the Configuration Steps
Once you have selected the Terraform code repository, select the “Advanced Settings” option next to the repository location.
Please refer to the below screenshot:
This opens a popup window requesting the Terraform code version and the input variables that you use to run your Terraform plan. Add every variable, with its key name and key value, in the input boxes in the popup window. See Pre-populated Parameters in Repository Configuration.
Step 4: Terraform State file information
Accurics may require access to Terraform state files to get resource attribute information in cases where your resources do not have a name tag.
This ensures that all cloud resources are accurately mapped to the Terraform code even if the resources do not have tags.
Add the variable TFSTATE_URL and the S3 path of the state file. Currently, Accurics supports state files stored in S3 buckets.