Project Layers and Security Checks
Overview
A Project Layer (pipeline) is a grouping entity for Security Checks. Users can create new layers and configure existing ones based on their assigned role.
In TRON.ASOC, each Project Layer is linked to a specific project.
Accessing Project Layers
To work with Project Layers:
- Navigate to Projects section
- Find and select the desired project
- Open project overview
- Go to Project Layers tab
Layer Structure
Project Layers are organized as a hierarchy with configurable nesting:
- Default maximum nesting levels: 10
- Nesting limit can be adjusted during system deployment
- Flexible architecture supporting development needs and processes
Layer Details
Each Project Layer includes these parameters:
Basic Information
- Layer Name - Name of the layer
- Security Check Status - Overall status of layer's scans
- Scan Results - Results for selected layer
- Security Issues - Issues for selected layer
- Quality Gates - Quality controls for selected layer
- Start New Scan - Initiate new scan
Status Types
- Done
- No runs yet
- Not completed
- In progress
- Quality gate failed
- Quality gate passed
Security Checks Table
- Source - Scan source name
- Tool - Security tool name
- Launch Type (Manual/Automatic)
- Quality Gates (with add button)
- Scan Status - Individual scan status
- Scan Results - Individual scan results
- Security Issues - Individual scan issues
Scan Actions
- Start New Scan
- Edit Scan
- Import Results
- Import SBOM
- Delete Scan
- Add Security Issues Manually (manual tools only)
Layer Actions
- Edit Layer
- Move
- Duplicate
- Add Nested Layer
- Delete
Information Blocks
- Information Block
- Layer Type
- Layer Description
- Additional custom fields
- Requirements Block
- Custom fields with additional layer requirements
Creating Project Layers
Steps to Create Layer
- Navigate to Projects → desired project → overview
- Go to Project Layers tab
- Click Add Layer
- Choose creation method:
Creation Methods
- From Scratch - Create empty layer
- From Template - Use pre-configured template
- Form pre-filled with template values
- Includes all custom attributes and requirements
- Copy Existing Layer - Reuse existing layer
- Select from existing layers (templates excluded)
- Scans copy without sources (add source button provided)
Completion
- Fill creation form fields
- Click Create
Creating Security Check
Prerequisites
- Configure integrations with required scan sources (Integrations → Security Sources)
- Ensure proper user permissions for adding scan sources
Steps to Add Security Check
- Navigate to Projects → Project Name → Project Layers → Project Layer
- Click Add or Add Security Check
- Complete security check creation form
Form Requirements
- Security Tool selection (mandatory)
- Only tools from Integrations section available
- Fields vary based on selected Source and Tool
- Option to add multiple source branches/tags
- For some tools: choose launch type (manual/automatic)
- Automatic: set frequency and time
- Test connection using Test Connection button
Authentication Notes
- If no auth method specified in tool integration:
- Auth method selection becomes mandatory
- Provide credentials (API Token, Login/Password)
- If no auth method specified in source integration:
- Auth method selection mandatory
- When editing scan sources:
- Branch/tag fields show/hide based on source type
- Non-branch sources: branch field hidden
- Non-image sources: tag field hidden
Importing Results
Security Checks support importing results from external tools:
- Available for selected security tools only
- Not supported by all tools
Important Notes:
- Authentication requirements depend on integration configuration
- Field visibility depends on source type capabilities
- Template usage simplifies layer creation process