GitHub
Flyingduck supports GitHub in both cloud and on-premise deployments, providing comprehensive security scanning capabilities for your repositories.
GitHub Cloud
GitHub Cloud (GitHub.com) integration provides seamless scanning with Flyingduck. Choose from different deployment modes based on your security and compliance requirements.
Flyingduck Deployment Modes
| Feature | Flyingduck Cloud Scan | Flyingduck with Runner |
|---|---|---|
| Deployment Model | Flyingduck Cloud. | Agent runs in your VM, requires a dedicated VM 24x7. requirements |
| Source Code Location | Source code is copied to Flyingduck cloud for scanning. | Code is completely on client infrastructure (never leaves network). See what data we collect |
| Continuous Scans | Available for every commit. | Available for every commit. |
| PR Scans | Available for every PR without any extra configuration (scans only the delta changes) | Need to configure agent in pipelines/workflows to scan PR's. |
| PR Decoration | Available (Findings are added to PR checks). | Not applicable |
| PR Remediation | Available (New PR's are raised with fix code for SAST issues). | Not applicable |
| Blocking Builds/PRs | Available, Can block PR's based on finding's severity without any extra configuration. | Need to configure agent in pipelines/workflows to block PR's based on finding's severity. |
| Vulnerability Detection | SBOM, SCA, Secret Detection and SAST. | SBOM, SCA, Secret Detection and SAST . |
| Business Logic (AI) | Uses Flyingduck's hosted AI models. | Requires client to provision AI model on AWS or Azure. |