Monitor and Take Your GitHub Under Control with Resmo
In this article, I will monitor my GitHub repositories with Resmo, analyze them based on Resmo’s suggestions, and aim to ensure their security by setting up notification rules.
What is Resmo?
Resmo is a DevSecOps tool that aims to secure your assets in cloud or SaaS environments, whether individual or corporate, by monitoring them all in one place. The Turkish venture intends to fill the gap in this field.
GitHub Repository Integration
Let’s select GitHub from the Integration selection page.
Fill in the integration fields in the window that opens.
After clicking the Create button, allow the required permissions from the redirected GitHub screen.
Resmo’s dashboard allows us to monitor our resources.
From there, we can analyze specific data, such as which repositories are public or private, and we can edit the dashboard.
When we look at the repository section on the Resources page, we can view our entire repository list.
One point that I’d like to draw attention to is the risk evaluation: the kind of suggestions Resmo provides once we click a repository.
Rules are particularly important. Here, you can add custom rules for your integration or leverage the pre-made rules that Resmo offers.
After checking one of Resmo’s best practice suggestions, I could identify my repositories with no license. 😳
With another recommendation, I had a chance to examine my public repositories, which I had overlooked or which perhaps were supposed to be private.
It’s also possible to write SQL queries based on specific criteria and receive notifications or alerts according to the results.
We can receive notifications based on the rules we set up. Let’s create a notification rule.
A notification rule defines which rules should send which kind of notification, depending on their severity.
Notification channel options are pretty extensive.
We can connect multiple channels to a notification rule and receive notifications based on our defined rules.
As a “developer,” I tried to explore Resmo with GitHub. Resmo has even more capabilities; I recommend you try it.
This blog post was originally written in Turkish; see the original blog post.