Create your first component with automatic security scanning to see how CloudBees Unify analyzes code and dependencies for vulnerabilities. This walkthrough shows you the basic continuous security workflow using an existing repository.
Prerequisites
Before you begin, ensure you have:
- A CloudBees Unify organization with component creation permissions.
- A GitHub or Bitbucket repository with code to scan.
- Admin access to the repository for integration setup.
For complete technical requirements, refer to CloudBees Unify technical requirements reference.
Create your first security-scanned component
- Integrate your SCM provider with CloudBees Unify.
  Navigate to and create an integration for your GitHub or Bitbucket account. For detailed steps, refer to the platform integration documentation.
- Enable security scanning for your organization.
  Enable implicit security assessment and the code scanners you want to use. If your workflows register or publish binaries, also enable binary analyzers to scan them.
  Enable security scanning before you create your component, so that scanning triggers automatically when the component is created. For detailed steps, refer to Configure implicit security analysis.
- Create a component linked to your repository.
  Navigate to and create a new component. Select your integrated repository during component creation. This enables automatic security scanning whenever code changes occur.
- Trigger initial security scans by pushing code changes.
  Make any change to your repository and push it to the main branch. CloudBees Unify automatically initiates comprehensive security analysis including static code analysis, dependency vulnerability scanning, and secret detection.
- Review security findings in CloudBees Unify security views.
  Navigate to the security dashboards to review scan results:
  - Use the Security Center for component-level security findings and triage workflows.
  - Access the Security Overview for application-level security posture management.
  - Check Security Insights for organizational security metrics and trends.
- Your component now has continuous security scanning active. CloudBees Unify will automatically scan every future code push, providing ongoing security analysis.
What you accomplished
You’ve experienced the basic continuous security workflow:
- Component-based security activation that requires no pipeline configuration.
- Automatic scan triggering on code changes.
- Integrated security findings in CloudBees Unify security views.
- Multi-scanner analysis including code analysis, dependency scanning, and secret detection.
This foundation enables you to explore advanced security features like policy configuration, triage workflows, and organization-wide security posture management.