Getting Started With PatchFox #
To get started with PatchFox, please follow the guide below. At any time during the onboarding process, you can click on the “Help” section on the upper right corner to submit a support request.
Step 0. Reach Out To Us #
The first step is to first reach out to us at ask@patchfox.io and let us know you want to onboard to PatchFox. We will then be able to provide you with your organization-specific API token and API URL.
Step 1. Onboard Your Data #
Once you have your API token and API URL, you now can onboard your data that you want PatchFox to scan and analyze. Onboarding is a one-time process where you include our ETL component directly in your Gitlab CI, and manage it there moving forward:
- Navigate to our publicly available ETL Gitlab component and copy over the include block in your
.gitlab-ci.ymlfile. - Fill out the variables as needed for your team and organization. Fill out the API token and API URL with the values you received in the above step.
- Include the stage patchfox-etl in your stages section, where you want it.
- Run the pipeline
You’re basically done with onboarding 🙂 You will see the data appear in the INPUT view as they get ingested. Please note that data registration time will depend on the size of the dataset and so a job for one repository can take longer than a job for another repository.
Detailed docs for the INPUT view can be found here.
Step 2. Evaluate Your Results #
Once the data absorption and scanning is complete, PatchFox will update your dashboards with the results. The TRACK view is where you can view a fully laid out summary of your security status for the data that you onboarded. This TRACK dashboard is where you can assess your organization’s current security status and observe which parts you are doing well in and need to improve on.
The track view not only deals with your current snapshot but is the main hub where you can view security trends and patterns for your organization and the progress it has made with PatchFox. The statistics will help you notice the vulnerable areas for your organization and this view will be the starting point into helping you prioritize your next tasks for vulnerability remediation.
Detailed docs for the TRACK view can be found here.
Step 3. Plan and Adjust for the Future #
Once you have onboarded your data and viewed a summary in your TRACK view dashboard, the RECOMMEND view where you can view a recommended set of actions for your organization. The best part about this view is that it is entirely customizable depending on what your organization’s goals and priorities are. We understand that organizations are of different sizes, have different goals, and work at a different pace. This view is exactly where we aim to achieve what other tools out there currently miss – we suggest customized recommendations for your organization all the while showing you the resulting changes and what your future snapshots would look like.
Detailed docs for the RECOMMEND view can be found here.
Frequently Asked Questions #
Q: If users for an org use the same token, is there an easy way to view just my repository data only?
A: You can always filter by datasource (or any other filters you want), which means you can view data not only by repository, but by timestamp, language, etc.
Q: My Gitlab pipeline is running into errors.
A: If you are sure you inputted the correct values for your variables but your pipeline is still running into issues, please reach out to us at ask@patchfox.io for support.
