Architecture

johannes-tw edited this page Jun 23, 2020 · 26 revisions

Web Service (WebHook)

Overview

  • CxFlow listens for HTTP/S requests whose payloads represent pull/merge requests and push requests from:
      • Bitbucket (Server & Cloud)
      • GitHub
      • Azure DevOps / TFS
      • GitLab
  • CxFlow is configured to process events associated with branches considered important/protected across the enterprise, based on the following:
      • List of static values
          • master
          • develop
          • release
      • List of regular expressions
      • External Groovy Script execution hooks
  • Upon receiving an event:
      • A scan request for the repository will be initiated
      • Scans will be attempted as incremental with the following rules (optional):
          • A full scan was conducted within the last 7 days (configurable)
          • A scan was conducted within the last 5 scans (configurable)
      • Global file exclusion pattern(s) will be applied to every scan according to the CxFlow configuration
      • Optionally, result feedback can be configured:
          • CxFlow generates the XML report
          • Results are filtered
          • Results are published according to the configured feedback channel(s)
      • File type, number of references, and percentage of code base (reflected from post exclusions) will be mapped
      • CxFlow will iterate through a rule set that will attempt to match the fingerprint of the source code
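
The branch filter and incremental-scan rules above can be sketched as follows. This is an added example, not CxFlow's own code: the function names, the sample regex and the scan-history format are hypothetical, and it assumes both incremental rules must hold (a full scan among the last 5 scans that is also no older than 7 days).

```python
import re
from datetime import datetime, timedelta

STATIC_BRANCHES = {"master", "develop", "release"}   # static values from the page
BRANCH_PATTERNS = [re.compile(r"release/\d+\.\d+")]  # constructed sample regex
REF_PREFIX = "refs/heads/"                           # prefix used in Git push refs


def is_protected(ref):
    """True if a webhook ref names a branch that should trigger a scan."""
    branch = ref[len(REF_PREFIX):] if ref.startswith(REF_PREFIX) else ref
    if branch in STATIC_BRANCHES:
        return True
    # fullmatch anchors both ends, so "release/1.2-scratch" is not accepted
    # just because it starts with a protected-looking name.
    return any(p.fullmatch(branch) for p in BRANCH_PATTERNS)


def scan_type(history, now, max_days=7, max_scans=5):
    """Pick "incremental" or "full" from prior scans.

    history: newest-first list of (finished_at, was_full) tuples (hypothetical
    format). Incremental is chosen only if a full scan appears among the last
    `max_scans` scans and finished within `max_days`; otherwise fall back to full.
    """
    cutoff = now - timedelta(days=max_days)
    for finished_at, was_full in history[:max_scans]:
        if was_full and finished_at >= cutoff:
            return "incremental"
    return "full"


def handle_event(ref, history, now):
    """Return the scan decision for one event, or None if the branch is ignored."""
    if not is_protected(ref):
        return None
    return scan_type(history, now)


if __name__ == "__main__":
    now = datetime(2020, 6, 23)  # constructed sample data
    history = [(now - timedelta(days=1), False), (now - timedelta(days=3), True)]
    for ref in ("refs/heads/master", "refs/heads/release/1.2-scratch"):
        print(ref, "->", handle_event(ref, history, now))
```
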