diff --git a/code-review/billing.mdx b/code-review/billing.mdx index 8d24f5b..1a129bf 100644 --- a/code-review/billing.mdx +++ b/code-review/billing.mdx @@ -14,7 +14,8 @@ Code Review has a free trial for new organizations. Go to **Billing** as an organization owner. - Start the trial. No payment method is required during the free trial. + Review and accept the terms of service and start the trial. No payment method + is required during the free trial. Once the trial is active, Hacktron starts running code reviews on all diff --git a/code-review/findings-feedback.mdx b/code-review/findings-feedback.mdx index 3e97538..7327530 100644 --- a/code-review/findings-feedback.mdx +++ b/code-review/findings-feedback.mdx @@ -31,6 +31,12 @@ Findings are posted inline on GitHub PRs and GitLab MRs when a vulnerability is

+## Public repositories + +When a repository is **public**, Hacktron keeps sensitive finding details out of the public pull request thread. In the summary review comment, findings outside the changed lines no longer show their title, description, proof-of-concept, or file location. Instead, you see a count and a link back to the finding in Hacktron. + +Inline comments on the diff itself are unaffected, so findings on the changed lines still appear in full. **Private and internal repositories are unchanged** and show complete finding details as usual. + ## Triage comments You can leave triage comments on findings to help improve future reviews. This helps Hacktron understand @@ -75,6 +81,10 @@ so reviews get sharper, with fewer false positives and more of the bugs that act +## Checks update on triage + +Triaging a finding updates the pull request check right away. Marking a finding as a false positive or accepted risk removes it from the [fail-on gate](/code-review/config#fail-the-check-on-findings), so the GitHub check (or GitLab commit status) flips back to passing with no re-run. Reopen the finding and the check fails again to match. + ## Feedback loop Triage feedback helps Hacktron adapt to your codebase. Comments and project rules diff --git a/docs.json b/docs.json index e276eab..6293572 100644 --- a/docs.json +++ b/docs.json @@ -27,7 +27,8 @@ "group": "Overview", "pages": [ "index", - "platform/overview" + "platform/overview", + "platform/dashboard" ] }, { diff --git a/images/dashboard_scan_volume.png b/images/dashboard_scan_volume.png new file mode 100644 index 0000000..419ed8f Binary files /dev/null and b/images/dashboard_scan_volume.png differ diff --git a/platform/dashboard.mdx b/platform/dashboard.mdx new file mode 100644 index 0000000..3815d9a --- /dev/null +++ b/platform/dashboard.mdx 
@@ -0,0 +1,30 @@ +--- +title: "Dashboard" +description: "Track Code Review and Whitebox scan activity across your organization from the Hacktron dashboard." +--- + +The dashboard splits your work into tabs, so each view shows the metrics that +matter for it: + +- **Overview** +- **PR Review** +- **Whitebox Scan** + +## Scan volume + +The **Scan volume across time** widget shows how many scans ran over time as a +stacked bar chart. Each bar is one day, split into **PR Review** and **Whitebox +Scan** counts. Hover a bar to see the per-day breakdown. + +Scan volume across time chart on the dashboard + +## Next steps + + + + See where findings are posted and how triage improves reviews. + + + Start a whitebox scan from a repository or an uploaded archive. + + diff --git a/white-box-pentest/quickstart.mdx b/white-box-pentest/quickstart.mdx index 335ed3d..adbb4ca 100644 --- a/white-box-pentest/quickstart.mdx +++ b/white-box-pentest/quickstart.mdx @@ -38,6 +38,11 @@ Before you start, make sure the organization has: Select the primary repository and branch for the scan + + If you start the scan from an uploaded archive instead of a connected + repository, the scan takes the archive's filename as its name. + +
Add target URLs, login steps, test credentials, areas to emphasize, and any
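Review bot: In the `## Public repositories` hunk of `code-review/findings-feedback.mdx`, the sentence "Inline comments on the diff itself are unaffected, so findings on the changed lines still appear in full" means that, on a public repository, the title, description and proof-of-concept of every finding on a changed line are still posted to the public PR thread; state that plainly as the limit of this feature, and say whether it can be tightened (for example, posting only a link back to the finding in Hacktron for inline comments too), so maintainers of public projects do not read the heading as "finding details are kept private". The phrase "no longer show" describes a change relative to an earlier release; documentation should describe current behavior, e.g. "findings outside the changed lines show only a count and a link back to the finding in Hacktron". It would also help to state whether comments posted while a repository was private are redacted if it is later made public, or whether they stay in the thread as posted.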
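Review bot: In the `## Checks update on triage` hunk, flipping a failing check to passing "with no re-run" when a finding is marked false positive or accepted risk makes triage an override of the fail-on merge gate, so the section should say who is allowed to triage (any PR author, or only organization owners or a specific role) and whether the triage action, its author and its timestamp are recorded on the finding; a reviewer who sees a PR go from failing to passing without a new commit needs to be able to find out why. A cross-reference from the [fail-on gate](/code-review/config#fail-the-check-on-findings) section back to this behavior and the permission model would close the loop.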
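Review bot: In the new `platform/dashboard.mdx`, the line "Scan volume across time chart on the dashboard" appears as bare text with no image markup around it, although the same patch adds `images/dashboard_scan_volume.png`; confirm the image element (with that file as its source and this text as the alt text) survived, and likewise that the two cards under `## Next steps` still carry link targets to the findings-feedback and whitebox quickstart pages, which are not visible in the hunk. The page also lists three tabs (Overview, PR Review, Whitebox Scan) but describes only the scan volume widget; say which tab it lives on, and either describe what each tab shows or drop the claim that "each view shows the metrics that matter for it" until the other widgets are documented.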
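Review bot: In the `white-box-pentest/quickstart.mdx` hunk, the note that an archive-based scan "takes the archive's filename as its name" is attached to the "Select the primary repository and branch" step, which does not apply to an uploaded archive; say where in this flow the archive is uploaded, whether the file extension is stripped from the name, and whether the scan can be renamed afterwards, since that name is what the scan list and dashboard will show. The blank lines around the added text suggest a callout wrapper that is not visible in the hunk; confirm it survived.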