Configure Scanners


The Global configuration feature lets users set global configurations for specific scanners. It centralizes Semgrep Pro and Snyk tokens and lets users build and maintain complex Semgrep and CodeQL rule sets in one place; users can also configure the Gitleaks scanner for secrets management. This simplifies provisioning scanner coverage for your assets.


1. CodeQL


To configure the CodeQL scanner:

  1. Navigate to the Scanner Coverage page.
  2. Click on the Configure Scanners button.

  3. Select "Enable" for the CodeQL scanner.

  4. Click the Add Configuration button.

  5. Fill in the required parameters, Configuration and Language. Optionally, add the Create Arguments and Analyze Arguments parameters.

    Check out the list of supported languages. You can also learn more about your CodeQL configuration.


2. Semgrep


To configure the Semgrep scanner:

  1. Follow steps 1 - 2 in CodeQL above.
  2. Select "Enable" for the Semgrep scanner.

  3. Click the Add Rule Set button to add the Rule Set (Name) and its corresponding Rule.

  4. Click the Save button to save the configuration.


3. Semgrep Pro


To configure the Semgrep Pro scanner:

  1. Follow steps 1 - 2 in CodeQL above.
  2. Select "Enable" for the Semgrep Pro scanner.

  3. Enter a Token and click the Add Rule Set button to add the Rule Set (Name) and the Rule.

  4. Click the Save button to save the configured scanner.


4. Snyk


To configure the Snyk scanner:

  1. Follow steps 1 - 2 in CodeQL above.
  2. Select "Enable" for the Snyk scanner.

  3. Enter the Token and click the Save button to save the details.


5. Gitleaks


To configure the Gitleaks scanner:

  1. Follow steps 1 - 2 in CodeQL above.
  2. Select "Enable" for the Gitleaks scanner.

  3. Click the Add Configuration button.

  4. Add the Name, Path, and Content. The Validate Secrets checkbox is selected by default, and the Content field holds the contents of your .gitleaks.toml file.

  5. Click the Save button to save the configuration.
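
An added example, not part of the original page or the product's own documentation: a small .gitleaks.toml of the kind that goes in the Content field in step 4. The rule id, the `acme_` token format, and the allowlisted paths are constructed for illustration.

```toml
# Constructed example of a .gitleaks.toml. The rule id, token prefix and
# paths are hypothetical; replace them with your organization's own.
title = "Example org-wide Gitleaks configuration"

# Keep the built-in Gitleaks rules and add to them rather than replacing them.
[extend]
useDefault = true

# Custom rule for a hypothetical internal token format: "acme_" + 32 hex chars.
[[rules]]
id = "acme-internal-api-token"
description = "ACME internal API token (hypothetical format)"
regex = '''\bacme_[0-9a-f]{32}\b'''
# Keywords are a cheap pre-filter: the regex only runs on content containing one.
keywords = ["acme_"]
# Minimum Shannon entropy of the match; filters placeholders such as acme_0000...
entropy = 3.0
tags = ["api-token", "internal"]

# Global allowlist: keep it narrow so that real leaks are not hidden.
[allowlist]
description = "Test fixtures and one documented dummy value"
paths = [
  '''(^|/)testdata/''',
  '''(^|/)docs/examples/''',
]
regexes = [
  '''acme_deadbeefdeadbeefdeadbeefdeadbeef''',
]
```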