When integrating Lucent Sky AVM with software development lifecycle, it is common for scans to be initiated by a continuous integration pipeline, and pushing the source code to a Lucent Sky AVM instance. In scenarios that is not practical to push the source code, Lucent Sky AVM can also pull the source code from a version control system.
To learn more about using Lucent Sky AVM with a continuous integration pipeline, view the following article in the Lucent Sky Knowledge Base:
Use Lucent Sky AVM with a continuous integration pipeline
To configure a scan to pull source code from a version control system, set the Repository of the scan to the repository connection string corresponding to the version control system. You can also set the Repository of an application to the repository connection string, which will make every new scan of the application use that connection string by default. A repository connection string has four parts: protocol, URL, username, and password. This article includes connection string examples of common version control systems.
Azure DevOps
To scan an application by getting its source codes source code from Azure DevOps, use the following values to construct the connection string:
Protocol | URL | Username | Password |
---|---|---|---|
Git | https://dev.azure.com/{organization}/{project}/_git/{repo} orhttps://{organization}.visualstudio.com/{project}/_git/{repo} |
` |
{PAT} |
TFVC | https://dev.azure.com/{organization}/{path} orhttps://{organization}.visualstudio.com/{path} |
` |
{PAT} |
For private Git repositories, the PAT must have the Code > Read scope. For public Git repositories, use `
for password.
For TFVC repositories, the path part must begin with $/. The PAT must have the Code > Full scope.
Examples
The following connection string connects to the Git repository Backend of the project Website under the organization Contoso, using the PAT personalaccesstoken:
protocol,git;url,https://dev.azure.com/contoso/Website/_git/Backend;username,[email protected];password,personalaccesstoken
The following connection string connects to the TFVC repository Backend of the project Website under the organization Contoso, using the PAT personalaccesstoken:
protocol,tfvc;url,https://dev.azure.com/contoso/$/Website;username,`;password,personalaccesstoken
Azure DevOps Server
To scan an application by getting its source code from Azure DevOps Server (previously known as Team Foundation Server), use the following values to construct the connection string:
Protocol | URL | Username | Password |
---|---|---|---|
Git | https://{username}:{pat}@{hostname}/{collection}/{project}/_git/{repo} |
` |
` |
TFVC | https://{hostname}/{collection}/{path} |
{username} |
{password} |
For Git repositories, the PAT must have the Code > Read scope.
For TFVC repositories, the path part must begin with $/.
Examples
The following connection string connects to the Git repository Backend of the project Website on tfs.contoso.com, using the PAT personalaccesstoken:
protocol,git;url,https://[email protected]:[email protected]/DefaultCollection/Website/_git/Backend;username,`;password,`
The following connection string connects to $/Website/Backend path in the project collection DefaultCollection on tfs.contoso.com, using username [email protected] and password tfspassword:
protocol,tfvc;url,https://tfs.contoso.com/DefaultCollection/$/Website/Backend;username,[email protected];password,tfspassword
BitBucket
To scan an application by getting its source code from BitBucket, use the following values to construct the connection string:
Protocol | URL | Username | Password |
---|---|---|---|
Git | https://bitbucket.org/{workspace}/{repo}.git |
{username} |
{apppassword} |
For private repositories, the app password must have the Repositories > Read permission. For public repositories, use `
for both username and password.
If you are having difficulty connecting to a private repository, consider using an alternative URL https://{username}:{apppassword}@bitbucket.org/{workspace}/{repo}.git
and `
for both username and password.
Examples
The following connection string connects to the Git repository WebsiteBackend under the workspace contoso, using username jane and app password apppassword:
protocol,git;url,https://bitbucket.org/contoso/WebsiteBackend.git;username,jane;password,apppassword
GitHub
To scan an application by getting its source code from GitHub, use the following values to construct the connection string:
Protocol | URL | Username | Password |
---|---|---|---|
Git | https://github.com/{organization}/{repo}.git |
` |
{PAT} |
For private repositories, the PAT must have the repo scope. For public repositories, use `
for password.
Examples
The following connection string connects to the Git repository WebsiteBackend under the organization contoso, using PAT personalaccesstoken:
protocol,git;url,https://github.com/contoso/WebsiteBackend.git;username,`;password,personalaccesstoken
GitLab
To scan an application on by getting its source code from GitLab, either self-managed or SaaS, use the following values to construct the connection string:
Protocol | URL | Username | Password |
---|---|---|---|
Git | https://{hostname}/{group}/{repo}.git |
{username} |
{password} or {PAT} |
When using a PAT, use `
for username.
For private repositories, the PAT must have the read_repository scope. For public repositories, use `
for password.
Examples
The following connection string connects to the Git repository WebsiteBackend under the group contoso on gitlab.com, using PAT personalaccesstoken:
protocol,git;url,https://gitlab.com/contoso/WebsiteBackend.git;username,`;password,personalaccesstoken
The following connection string connects to the Git repository WebsiteBackend under the group contoso on gitlab.contoso.com, using username jane and password gitpassword:
protocol,git;url,https://gitlab.contoso.com/contoso/WebsiteBackend.git;username,jane;password,gitpassword
Subversion
To scan an application on by getting its source code from Apache Subversion, use the following values to construct the connection string:
Protocol | URL | Username | Password |
---|---|---|---|
SVN | https://{hostname}/{repo}/{project}/{branch} |
{username} |
{password} |
For public repositories, use `
for username and password.
Examples
The following connection string connects to the trunk branch of the WebsiteBackend repository of the Website project on svn.example.com/repos, using using username jane and password svnpassword:
protocol,svn;url,https://svn.example.com/repos/Website/WebsiteBackend/trunk;username,jane;password,svnpassword
Common questions
How do I pull source code from a specific branch of a Git repository?
To pull source code from a specific branch of a Git repository, append /$/{branch} to the URL part. For example, to pull the dev branch, use the following connection string:
protocol,git;url,https://dev.azure.com/contoso/Website/_git/Backend/$/dev;username,`;password,personalaccesstoken
How do I pull source code from a repository with non-ASCII repository name, path, or branch name?
For Git repositories, if the repository name or part of the relative path contains non-ASCII characters, use the URL-encoded repository name or path. For example, to pull from a repository named ウェブ, use the following connection string:
protocol,git;url,https://dev.azure.com/contoso/Website/_git/%E3%82%A6%E3%82%A7%E3%83%96;username,`;password,personalaccesstoken
UTF-8 characters in the name of a Git branch or the relative path of a TFVC repository (the part after $/) are supported. However, if you are having problem connecting such a repository, consider URL-encoding the non-ASCII characters.
For example, to pull the デベ branch of a Git repository, use the following connection string:
protocol,git;url,https://dev.azure.com/contoso/Website/_git/Backend/$/%E3%83%87%E3%83%99;username,`;password,personalaccesstoken
For example, to pull from the $/デベ directory of a TFVC repository, use the following connection string:
protocol,tfvc;url,https://dev.azure.com/contoso/$/%E3%83%87%E3%83%99;username,`;password,personalaccesstoken
How do I connect to a repository hosted on a server using a self-signed certificate?
To connect to a repository hosted on a server using a self-signed certificate, add the certificate to the local machine Trusted Root Certification Authorities certificate store on the CLEAR Engine instance.
How do I connect to a repository hosted on a server using SSH?
Only HTTP and HTTPS are supported for connecting to Git and Subversion servers. Connecting using SSH is not supported.
Can I use my username when connecting using a personal access token?
In the example connection strings, a backtick (`) is used as a placeholder for username when using a personal access token (PAT). Most repository servers allow any non-empty character as username when authenticating using a PAT, however, some might require you to use your username when using a PAT or an app password. Check the instructions of your repository server to see what username to use when using a PAT.