An Ion Channel project contains the data needed to assess and analyze vulnerabilities and other risk factors of software artifacts and code managed in software configuration managers like Git and SVN.

These instructions cover creating a project via the console. If you would like to upload many projects simultaneously, take a look at How to Create Projects in Bulk.

Steps to create a new project:

  1. Log in to the Ion Channel console.
  2. From the hamburger menu in the upper right corner, select Add a Project.
     -or-
    From the Project List page, select the + icon located to the right of the team drop-down menu.
  3. Ensure the correct team is displayed in the team drop-down menu on the right-hand side.
  4. Fill in the desired Project Detail fields.
    • Project Name - Choose a name for the project which you will use later to identify the project. Consider including identifying information such as the version number or branch when multiple projects with the same name may exist.
    • Ruleset - Choose an existing ruleset that will govern this project. To pass governance under the Default ruleset, no viruses or high/critical severity vulnerabilities may exist.
    • Organization, Product, and Version - These three fields help Ion Channel identify the main software product. The resulting match will determine if the product has any known vulnerabilities.
      Determining the Product Data

      Given a combination of a product's name, organization, and version, Ion Channel will attempt to determine what the product is with a reasonably high degree of confidence. At a minimum, the product name and version must be provided. Including an organization will help increase confidence in any matches.

      To identify any known vulnerabilities, provide naming information based on the NVD CPE dictionary; this helps ensure that the correct product is found. Ion Channel's search functionality can help determine NVD's exact naming.
    • Point of Contact - The person within your organization who should be contacted should any needs or questions arise for this particular project.
    • Point of Contact Email - The email address of your point of contact should they need to be contacted. This address will be used when the Email POC button is selected from the Project Analysis Dashboard actions menu. Ion Channel may use this email address if we need to contact someone regarding this project.
    • Description - Descriptive information about the project to provide more detailed information, internal documentation, or distinguishing features.
  5. Check/Uncheck the Active and Monitor checkboxes.
    • Active - Projects are activated by default. Unchecking this box will create the project in an archived stage, which hides it from the default project list view and prevents it from being analyzed.
    • Monitor - When monitoring is enabled, an analysis will occur automatically once per day. Uncheck this box if you want analyses to occur only when triggered manually or via a build tool.
  6. Select the type of project and fill in the additional fields presented for each project type. Ion Channel requires a unique source for each project to avoid duplication.
    • Git Projects
      • Default Branch - The branch of the repository you would like to analyze. The branch can be any of the following:
        • branch name - Case sensitive
        • HEAD - With the branch value of HEAD, the default branch will be analyzed.
        • Full commit hash
        • Short commit hash
      • Git URL - The HTTPS or SSH URL for the Git repository. In GitHub, you can obtain these URLs via the Clone button.
      • SSH Private Key - The private SSH key that is needed to access a private repository. This field should be left blank for public repositories. You can find information on generating an SSH key here.
    • SVN Projects
      • Source Repo - The URL for the SVN repository and branch.
      • Username and Password - These fields are optional to create a project but are required to access a private repository.
    • Artifact Projects
      • URL - The URL for the file to be analyzed. This URL must point directly to the file itself, not to a website that includes a link to the file. Ion Channel supports most archive file types for Artifact projects. See here for a complete list.
      • Username and Password - These fields are optional to create a project but are required to retrieve a password-protected file.
    • S3 Projects
      • Region - The name of the region where your bucket is hosted, e.g., us-east-1.
      • URL - The S3 URL for the bucket location, e.g., s3://bucket-name, s3://bucket-name/folder-name.
      • Access Key ID - An AWS Access Key that has access to this bucket.
      • Secret Access Key - The AWS Secret Access Key that is paired with the access key.
    • N/A
      • This type of project does not require a repository. Instead, the project will monitor the matching product using the project's name, organization, and version.
  7. Select the Save button to create the project.

Once you have finished creating the project, it will appear on the Project List page in Pending status. An analysis will occur automatically on the next scheduled run if monitoring is enabled. To start an analysis immediately, you may start it manually.
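
For the Organization, Product, and Version fields described under "Determining the Product Data", the following added example (not Ion Channel's own code) parses an NVD CPE 2.3 formatted string, honoring backslash escapes, and returns the values to enter. The vendor-to-Organization mapping, the function names, and the sample CPE strings are assumptions made for illustration.

```python
import re

# The 11 attributes that follow the "cpe:2.3:" prefix in a formatted string.
CPE_ATTRS = ("part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other")

def split_cpe23(cpe):
    """Split a CPE 2.3 formatted string on unescaped colons."""
    prefix = "cpe:2.3:"
    if not cpe.startswith(prefix):
        raise ValueError("not a CPE 2.3 formatted string")
    fields, cur, i, body = [], [], 0, cpe[len(prefix):]
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2])      # keep an escape pair such as \: intact
            i += 2
        elif body[i] == ":":
            fields.append("".join(cur))    # unescaped colon ends the attribute
            cur, i = [], i + 1
        else:
            cur.append(body[i])
            i += 1
    fields.append("".join(cur))
    if len(fields) != len(CPE_ATTRS):
        raise ValueError(f"expected {len(CPE_ATTRS)} attributes, got {len(fields)}")
    return dict(zip(CPE_ATTRS, fields))

def project_fields(cpe):
    """Map a CPE name to Organization/Product/Version (mapping is an assumption)."""
    attrs = split_cpe23(cpe)
    unescape = lambda v: re.sub(r"\\(.)", r"\1", v)
    # Product name and version are the required minimum; "*" and "-" are CPE
    # logical values (any / not applicable), not concrete names.
    for required in ("product", "version"):
        if attrs[required] in ("*", "-"):
            raise ValueError(f"CPE has no concrete {required}")
    org = attrs["vendor"]
    return {
        "Organization": "" if org in ("*", "-") else unescape(org),
        "Product": unescape(attrs["product"]),
        "Version": unescape(attrs["version"]),
    }

# Constructed sample input: one plain name, one with escaped characters.
SAMPLES = [
    "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
    r"cpe:2.3:a:example_vendor:widget\:server:1.0\+build:*:*:*:*:*:*:*",
]
if __name__ == "__main__":
    print([project_fields(s) for s in SAMPLES])
```

A CPE whose version is a wildcard is rejected rather than passed through, because a project created without a concrete version cannot be matched to a specific release.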