Repos
Source code repositories
Depending on the source code provider, Ghost will analyze both repositories and projects. In Ghost terminology, a repository is a single codebase. In a monorepo, a project is the codebase for a single application, service, or API.
Repos & Projects
Repositories are analyzed by the Ghost Exorcist engine once per day if there have been changes to the codebase.
If your team is using a monorepo, the Ghost pre-analysis process will index each project in the monorepo.
Scanning
Scanning can be enabled on a per-repository basis. The Ghost Exorcist engine employs a number of processing, indexing, and analysis techniques to analyze a codebase. The engine utilizes custom analysis agents purpose-built to detect certain classes of code flaws, vulnerabilities, and authorization issues. The Ghost Research Team is constantly tuning the analysis agents to improve accuracy.
Findings
Findings are the output of the Exorcist analysis agents.
| Classification | Ratings | Description |
|---|---|---|
| Severity | info, low, medium, high | The severity of the finding. |
| Feasibility | easy, medium, hard | The ease of exploiting the finding. |
| Effort | easy, medium, hard | The effort required to remediate the finding. |
Read more about findings.
Endpoints
During analysis, the Exorcist engine also produces an endpoint map for the codebase. The endpoint map represents the data input paths exposed to users of the app or API. Each endpoint is characterized by its HTTP method, path, parameters, and authentication & authorization traits.
Read more about endpoints.