
SCA Findings

SCA (Software Composition Analysis) scanning on BoostSecurity for GitLab is set up by enabling one or more specialized SCA scanners. Follow these steps to configure them:

  1. Navigate to the Scanner Coverage page.
  2. Click on Select all repositories for GitLab to install the SCA scanner on all GitLab resources.

    You can also select only particular GitLab organizations or repositories.


  3. Click on the Provisioning button at the top right of the page.


  4. Scroll down to the SCA section of the scanners and select any SCA scanners. BoostSecurity Nancy, Npm-audit, and Trivy are good options.


    You may notice that some scanners are grayed out and cannot be selected. These scanners require additional configuration before they can be selected.

  5. Click the Complete button.

    That's it! You've successfully configured SCA scanners for your GitLab repositories.

  6. The SCA scanners are now provisioned and awaiting the first scan.


  7. Click on the Scanners tab and scroll to the SCA section.


  8. Click the Trigger Scan button. Any findings from the scan will appear on the Findings page.
