SCA Findings

SCA (Software Composition Analysis) scanners on BoostSecurity for GitLab are set up by enabling one or more of the specialized SCA scanners. Follow these steps to configure them:

  1. Navigate to the Scanner Coverage page.
  2. Click on Select all repositories for GitLab so the SCA scanner can be installed on all GitLab resources.

    Alternatively, you can select only particular GitLab organizations or repositories.

    (Screenshot: Select Repository)

  3. Click on the Provisioning button at the top right of the page.

    (Screenshot: Click Provisioning)

  4. Scroll down to the SCA section of the scanners and select the SCA scanners you want to enable. BoostSecurity Nancy, Npm-audit and Trivy are good options to select.

    (Screenshot: Select SCA Scanners)

    You may notice that some scanners are grayed out and cannot be selected. This is because additional configuration must be completed before these scanners can be selected, e.g.:

    (Screenshot: Configure to Enable)

  5. Click the Complete button.

    That's it! You've successfully configured SCA scanners for your GitLab repositories.

  6. The SCA scanners are now provisioned and awaiting the first scan.

    (Screenshot: Awaiting SCA scan)

  7. Click on the Scanners tab and scroll to the SCA section.

    (Screenshot: Scanner status)

  8. Click the Trigger Scan button. Any findings produced by the scan will show up on the Findings page.

    (Screenshot: Trigger scan)