Version: 1.4

Project Layers and Security Checks

Overview

A Project Layer (pipeline) is a grouping entity for Security Checks. Users can create new layers and configure existing ones based on their assigned role.

In TRON.ASOC, each Project Layer is linked to a specific project.

Accessing Project Layers

To work with Project Layers:

  1. Navigate to Projects section
  2. Find and select the desired project
  3. Open project overview
  4. Go to Project Layers tab

Layer Structure

Project Layers are organized as a hierarchy with configurable nesting:

  • Default maximum nesting levels: 10
  • Nesting limit can be adjusted during system deployment
  • Flexible architecture supporting development needs and processes

Layer Details

Each Project Layer includes these parameters:

Basic Information

  • Layer Name - Name of the layer
  • Security Check Status - Overall status of layer's scans
  • Scan Results - Results for selected layer
  • Security Issues - Issues for selected layer
  • Quality Gates - Quality controls for selected layer
  • Start New Scan - Initiate new scan

Status Types

  • Done
  • No runs yet
  • Not completed
  • In progress
  • Quality gate failed
  • Quality gate passed

Security Checks Table

  • Source - Scan source name
  • Tool - Security tool name
  • Launch Type (Manual/Automatic)
  • Quality Gates (with add button)
  • Scan Status - Individual scan status
Info: If quality control is not passed, you can see which specific metrics the check failed. To do this, click the Not passed status; a window listing the quality control metrics will open.

  • Scan Results - Individual scan results
  • Security Issues - Individual scan issues

Scan Actions

  • Start New Scan
  • Edit Scan
  • Import Results
  • Import SBOM
  • Delete Scan
  • Add Security Issues Manually (manual tools only)

Layer Actions

  • Edit Layer
  • Move
  • Duplicate
  • Add Nested Layer
  • Delete

Information Blocks

  • Information Block

    • Layer Type
    • Layer Description
    • Additional custom fields
  • Requirements Block

    • Custom fields with additional layer requirements

Creating Project Layers

Steps to Create Layer

  1. Navigate to Projects → desired project → overview
  2. Go to Project Layers tab
  3. Click Add Layer
  4. Choose creation method:

Creation Methods

  • From Scratch - Create empty layer
  • From Template - Use pre-configured template
    • Form pre-filled with template values
    • Includes all custom attributes and requirements
  • Copy Existing Layer - Reuse existing layer
    • Select from existing layers (templates excluded)
    • Scans copy without sources (add source button provided)

Completion

  1. Fill creation form fields
  2. Click Create

Creating Security Check

Prerequisites

  • Configure integrations with required scan sources (Integrations → Security Sources)
  • Ensure proper user permissions for adding scan sources

Steps to Add Security Check

  1. Navigate to Projects → Project Name → Project Layers → Project Layer
  2. Click Add or Add Security Check
  3. Complete security check creation form

Form Requirements

  • Security Tool selection (mandatory)
    • Only tools from Integrations section available
  • Fields vary based on selected Source and Tool
  • Option to add multiple source branches/tags
  • For some tools: choose launch type (manual/automatic)
    • Automatic: set frequency and time
  • Test connection using Test Connection button

Authentication Notes

  • If no auth method specified in tool integration:
    • Auth method selection becomes mandatory
    • Provide credentials (API Token, Login/Password)
  • If no auth method specified in source integration:
    • Auth method selection mandatory
  • When editing scan sources:
    • Branch/tag fields show/hide based on source type
    • Non-branch sources: branch field hidden
    • Non-image sources: tag field hidden

Importing Results

Security Checks support importing results from external tools:

  • Available for selected security tools only
  • Not supported by all tools

Important Notes:

  • Authentication requirements depend on integration configuration

  • When the Appscreener SAST tool is selected, an API request can be generated and downloaded to simplify configuration.

  • Field visibility depends on source type capabilities

  • Template usage simplifies layer creation process