This feature is currently available only for enterprise customers.

You can now use Embold to review commits made on your GitHub and Bitbucket repositories. When code is committed, Embold scans the changed files and reports Vulnerabilities, code issues and anti-patterns on Embold UI. Thus facilitating a more effective and easier review of changes in your code.

Setting up commit workflow

To set up commit workflow you should configure webhooks and enable commit workflow for your repositories.

Configuring webhooks for commit workflow

GitHub, Bitbucket notify Embold when a new commit request is created via webhooks. If the repository credentials (or version control account) configured in Embold for a repository has sufficient privileges, Embold will automatically set up a webhook on GitHub and Bitbucket.

However, if that is not the case you will have to manually set up the webhook. For manual set up follow the steps given below.

Steps:

  1. Create a webhook on Github, and Bitbucket.
  2. Use Embold webhook receive URL while creating the webhook as target

Note: If your Embold and version control system (such as Bitbucket) is hosted on different networks, you may have to make Embold available to the other network through URL forwarding. Read this guide on URL forwarding for information.

Enabling commit for a repository

You can enable commit workflow in Embold while linking a repository or later on when you decide to enable it. Enabling it during linking a repository is easy. Just select (or check) the “Enable Commit Scan” option from the link repository pop-up.

You can update this setting or enable commit at a later point in time from the “Edit repository” pop-up.

Select Repository type as VCA (Version Control Account) and GIT account only.

Using Commit Workflow

When a new commit is created on your GitHub and Bitbucket repository, Embold automatically scans the changed files. The status of this scan can be monitored from GitHub and Bitbucket.

Commit scan status can also be monitored from the “Development History” page in Embold UI.
Each and every single commit data will be seen. Moreover, without 1st complete scan commit scan won’t work.

Commits review can be done from the “Development History” page in a repository. This page may not be available if the commit workflow is disabled.

Steps:

  1. Open “Development History” page from node summary bar
  2. Navigate to the Commits tab.
  3. A list of available commits can be seen here.
  4. Select a commit you want to review by clicking it.
  5. Commits details pop-up will open. Various kinds of issues such as newly created issues, fixed, or carried over issues can be seen here.

The Issues under Development History > Commits tab can have the following scenarios:

  1. Commit Scan Passed– This means no issues are seen and status is “All good“.
  2. Commit Scan Passed- For e.g. +1 is mentioned that means 1 Issue fixed.
  3. Commit Scan Failed: User can click “Retry” button and then scan will get aborted again.