A Target represents the entity to be scanned by a scanning tool via a Scenario . Some examples of a target type are source code repositories, build artifacts, containers, application or web servers, hosts.
An Integration represents a target type (repository or artifact, etc.) and is a way to organize Targets . Depending on target type, an Integration could locate targets and ask for its connection configurations (API connection info, credentials, etc.). Creating one allows ZeroNorth to connect with the Target specified and scan it. Usually, only one Integration is needed per target type.
Once defined to the ZeroNorth platform, a Target can then be specified in a Policy .
Go to zn OPS > Targets > Add Target . In the new Target screen:
- Specify the Target Type (GitHub).
- Select a GitHub type Integration .
- Click on Discover (or Discover Again ) to allow ZeroNorth to connect to the GitHub repository specified in the selected Integration.
- From the resulting list of Targets , select the desired repository.
- Specify the Repository Name .
- Click Save to create the Target.
A Target can have associated with it one or more notifications. Target-level notifications work as follows:
- A Policy that includes the Target in question runs and pick up vulnerabilities which generate ZeroNorth Synthetic Issues.
- If a resulting ZeroNorth Synthetic Issue qualifies for generating an alert (e.g. based on severity or because of a Ruleset), ZeroNorth sends out notifications, one per Synthetic Issue.
See the article " Set Up Notifications About a Target-level Issue " for details.