Organization scan

Org-Scan (Discover & Scan Organization repositories)

When invoked, xygeni org-scan command discovers and analyzes all the Organization's repositories.

xygeni org-scan [options] 

As part of the process, the checkout of each repository is done into a temporary directory. Then, it’s deleted at the end of the scan process.

This command is very useful to quickly generate the inventory of an organization, and especially for performing smooth onboardings.

To discover the repos into a SCM organization, you must indicate the name of the organization as well as the hostname of the SCM system

Discovery options:
      --org, --group, --workspace=<name>
                             Name of the Organization, Group or Workspace to discover.
      --hostname=<hostname>  Hostname of the SCM system. Like 'https://github.com' or 'https://my.on.
                               premise.github.com'. GitHub Cloud will be used by default.

You can even filter the repos to be scanned thru inclusion/exclusions

      -ri, --repo-includes=<includesPattern>
                             Regex for repositories to be included in the discovery. Everything is
                               matched by default.
                             Example: -ri ^micros/AGI_.*|^deploy/AGI_.*|^fe/AGI_.*
      -re, --repo-excludes=<excludesPattern>
                             Regex for repositories to be excluded in the discovery. Nothing is matched
                               by default.
                             Example: -re ^micros/AGI_.*|^deploy/AGI_.*|^fe/AGI_.*

Finally, you can also execute it in dry-run mode ( --dry-run )

As an example, you might use --dry-run option to show the discovered repositories.

$ xygeni -q org-scan --org xygeni --dry-run
    --run inventory,secrets,iac,codetamper \
    -e '**/test/**,build/**' -f none

And then, after reviewing the results, you might want to filter the projects and run the scans:

$ xygeni -q org-scan --org xygeni -ri "^xy.*" -re "^xygeni\-(a|c).*"
    --run inventory,secrets,iac,codetamper \
    -e '**/test/**,build/**' -f none

Last updated