Configure Scanners¶
The Global configuration feature lets users set scanner configurations once, globally, for specific scanners. It centralizes Semgrep Pro and Snyk tokens, lets you build and maintain complex Semgrep and CodeQL rule sets in one place, and lets you configure the Gitleaks scanner for secret detection. This simplifies provisioning scanner coverage for your assets.
1. CodeQL¶
To configure the CodeQL scanner:
- Navigate to the Scanner Coverage page.
- Click the Configure Scanners button.
- Select "Enable" for the CodeQL scanner.
- Click the Add Configuration button.
- Enter the required parameters, Configuration and Language, and optionally the Create Arguments and Analyze Arguments parameters. Check the list of supported languages before choosing a Language. You can also learn more about your CodeQL configuration.
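The three CodeQL fields map directly onto the CodeQL CLI: Configuration is a code-scanning config file, Language is the `--language` value, and the two argument fields are extra flags for `codeql database create` and `codeql database analyze`. The script below is an added example, not part of the product documentation or the platform's own code: it writes a sample configuration and runs the same flags against a local checkout so that a bad config or flag fails on your machine rather than in a platform scan. The config content, the `--threads`/`--overwrite`/`--sarif-category` flag choices, the `python` language and the `SOURCE_ROOT` variable are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the product docs): try a CodeQL Configuration,
# Language, Create Arguments and Analyze Arguments set locally before
# entering it in the Global configuration form.
#   Configuration     -> CodeQL code-scanning config file (YAML)
#   Language          -> "python" here (must be a supported language)
#   Create Arguments  -> extra flags for `codeql database create`
#   Analyze Arguments -> extra flags for `codeql database analyze`
# All paths, flag values and the query suite are illustrative assumptions.
set -eu

WORKDIR="${1:-$(mktemp -d)}"
LANGUAGE="python"
CREATE_ARGS="--threads=0 --overwrite"
ANALYZE_ARGS="--format=sarif-latest --sarif-category=${LANGUAGE}"

write_codeql_config() {
  # Body of the "Configuration" field: which query suite to run and which
  # paths to skip. Excluding tests and vendored code keeps findings
  # actionable and shortens the scan. Prints the path of the written file.
  cat > "$WORKDIR/codeql-config.yml" <<'EOF'
name: "Custom CodeQL configuration"
queries:
  - uses: security-extended
paths-ignore:
  - "tests/**"
  - "vendor/**"
  - "**/*.min.js"
EOF
  printf '%s\n' "$WORKDIR/codeql-config.yml"
}

run_codeql_locally() {
  # Exercise the same config and argument strings against the CLI. If the
  # CLI is absent the config file is still written for inspection.
  cfg=$(write_codeql_config)
  if ! command -v codeql >/dev/null 2>&1; then
    echo "codeql CLI not installed; wrote $cfg only"
    return 0
  fi
  # $CREATE_ARGS / $ANALYZE_ARGS are left unquoted on purpose so that the
  # space-separated flags split into separate arguments, as the form does.
  codeql database create "$WORKDIR/db" \
    --language="$LANGUAGE" \
    --source-root="${SOURCE_ROOT:-.}" \
    --codescanning-config="$cfg" \
    $CREATE_ARGS
  codeql database analyze "$WORKDIR/db" \
    --output="$WORKDIR/results.sarif" \
    $ANALYZE_ARGS
  echo "results in $WORKDIR/results.sarif"
}

run_codeql_locally
```

Run it from the root of the repository you intend to scan (or set `SOURCE_ROOT`); once `codeql database analyze` produces a SARIF file without errors, the same YAML and argument strings can be entered into the form.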
2. Semgrep¶
To configure the Semgrep scanner:
- Follow steps 1 - 2 in CodeQL above.
- Select "Enable" for the Semgrep scanner.
- Click the Add Rule Set button and enter the Rule Set Name and its corresponding Rule.
- Click the Save button to save the configuration.
3. Semgrep Pro¶
To configure the Semgrep Pro scanner:
- Follow steps 1 - 2 in CodeQL above.
- Select "Enable" for the Semgrep Pro scanner.
- Enter a Token, then click the Add Rule Set button to add the Rule Set Name and its Rule.
- Click the Save button to save the configured scanner.
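The Rule field of a Rule Set, for both Semgrep and Semgrep Pro, holds Semgrep rule YAML; the Pro token only changes which engine runs it. The script below is an added example, not part of the product documentation or the platform's own code, covering the Semgrep and Semgrep Pro sections above: it writes a two-rule rule set, checks that every rule carries the mandatory keys, and, when the `semgrep` CLI is installed, validates the YAML and runs it against a constructed sample file to confirm the rules fire. The rule ids, messages, the sample file and the working directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the product docs): a Semgrep rule set as it would
# be pasted into the "Rule" field, validated locally before it is applied
# platform-wide. Rule ids, messages and the sample target are assumptions.
set -eu

WORKDIR="${1:-$(mktemp -d)}"

write_semgrep_ruleset() {
  # Body of the "Rule" field. Every rule needs id, languages, severity,
  # message and a pattern. The metavariable-regex restricts the first rule
  # to the subprocess entry points that honour shell=True.
  cat > "$WORKDIR/ruleset.yml" <<'EOF'
rules:
  - id: python-subprocess-shell-true
    languages: [python]
    severity: ERROR
    message: >-
      subprocess called with shell=True; pass an argument list and drop
      shell=True so untrusted input cannot inject shell metacharacters
    metadata:
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
    patterns:
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: ^(run|call|check_call|check_output|Popen)$
  - id: python-yaml-unsafe-load
    languages: [python]
    severity: WARNING
    message: yaml.load without a safe Loader deserializes arbitrary objects; use yaml.safe_load
    pattern-either:
      - pattern: yaml.load($DATA)
      - pattern: yaml.load($DATA, Loader=yaml.Loader)
EOF
  printf '%s\n' "$WORKDIR/ruleset.yml"
}

write_sample_target() {
  # Constructed file with one hit per rule plus a safe call that must not match.
  mkdir -p "$WORKDIR/sample"
  cat > "$WORKDIR/sample/app.py" <<'EOF'
import subprocess
import yaml

def list_dir(user_path):
    return subprocess.run("ls " + user_path, shell=True)   # should match

def load_config(text):
    return yaml.load(text)                                  # should match

def safe_list(user_path):
    return subprocess.run(["ls", user_path])                # should not match
EOF
}

check_ruleset() {
  # Structural check that needs no semgrep install: the mandatory keys are
  # present. Prints the number of rule ids in the set.
  f=$(write_semgrep_ruleset)
  for key in "id:" "languages:" "severity:" "message:"; do
    grep -q "$key" "$f" || { echo "missing $key" >&2; return 1; }
  done
  grep -c '^  - id:' "$f"
}

validate_and_scan() {
  # Full check when the CLI is available: validate the YAML, then scan the
  # sample and print the number of findings (two expected).
  write_sample_target
  f=$(write_semgrep_ruleset)
  if ! command -v semgrep >/dev/null 2>&1; then
    echo "semgrep not installed; rule set written to $f"
    return 0
  fi
  semgrep --validate --config "$f"
  semgrep --config "$f" --json --quiet "$WORKDIR/sample" \
    | grep -o '"check_id"' | wc -l
}

validate_and_scan
```

`semgrep --validate` catches malformed YAML and unknown keys, which is the failure mode that is hardest to diagnose once the rule set only exists inside the platform form; the sample scan catches the other one, a rule that parses but never matches.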
4. Snyk¶
To configure the Snyk scanner:
- Follow steps 1 - 2 in CodeQL above.
- Select "Enable" for the Snyk scanner.
- Enter the Token and click the Save button to save the details.
5. Gitleaks¶
To configure the Gitleaks scanner:
- Follow steps 1 - 2 in CodeQL above.
- Select "Enable" for the Gitleaks scanner.
- Click the Add Configuration button.
- Add the Name, Path, and Content. Content is the body of your .gitleaks.toml file. The Validate Secrets checkbox is selected by default.
- Click the Save button to save the configuration.
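The Content field holds a Gitleaks configuration in TOML. The script below is an added example, not part of the product documentation or the platform's own code: it writes a `.gitleaks.toml` that keeps the default rules and adds one organisation-specific rule, plants a constructed (not real) key in a sample file, checks the rule's pattern against it, and, when the `gitleaks` CLI is installed, runs a local detection pass with the same file. The rule id, the `ex_live_` key format, the allowlist entries and the sample file are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the product docs): a .gitleaks.toml as it would be
# pasted into the Gitleaks "Content" field, tried locally first. The custom
# rule, its key format and the planted sample value are assumptions; the
# sample value is constructed and is not a real credential.
set -eu

WORKDIR="${1:-$(mktemp -d)}"

write_gitleaks_config() {
  # Keep the built-in rules (useDefault) and add one custom rule. secretGroup
  # names the capture group that holds the secret itself, so entropy is
  # measured on the key and not on the surrounding text. The allowlist keeps
  # the config file, binary assets and vendored code out of the results.
  cat > "$WORKDIR/.gitleaks.toml" <<'EOF'
title = "Example organisation gitleaks config"

[extend]
useDefault = true

[[rules]]
id = "example-internal-api-key"
description = "Internal API key (ex_live_ prefix followed by 32 hex chars)"
regex = '''(?i)(?:^|[^a-z0-9_])(ex_live_[0-9a-f]{32})(?:[^a-z0-9_]|$)'''
secretGroup = 1
entropy = 3.0
keywords = ["ex_live_"]
tags = ["key", "internal"]

[allowlist]
description = "Global allowlist"
paths = [
  '''\.gitleaks\.toml$''',
  '''(.*?)(png|jpg|gif|pdf|bin)$''',
  '''^vendor/''',
]
EOF
  printf '%s\n' "$WORKDIR/.gitleaks.toml"
}

write_sample_repo() {
  # Constructed source file: one planted key the custom rule must report and
  # one placeholder it must ignore.
  mkdir -p "$WORKDIR/src"
  cat > "$WORKDIR/src/settings.py" <<'EOF'
API_KEY = "ex_live_0123456789abcdef0123456789abcdef"   # planted, should be reported
PLACEHOLDER = "ex_live_<paste-key-here>"                # should not be reported
EOF
}

match_count() {
  # Sanity check that needs no gitleaks install: apply the core of the rule's
  # pattern with grep and print how many lines of the sample match (one).
  write_sample_repo
  grep -Eic 'ex_live_[0-9a-f]{32}' "$WORKDIR/src/settings.py"
}

scan_locally() {
  cfg=$(write_gitleaks_config)
  write_sample_repo
  if ! command -v gitleaks >/dev/null 2>&1; then
    echo "gitleaks not installed; config written to $cfg"
    return 0
  fi
  # --no-git scans the working tree as plain files, the closest local
  # equivalent to scanning a checked-out asset. Gitleaks exits 1 when it
  # finds leaks, which here is the expected outcome.
  gitleaks detect --no-git --source "$WORKDIR" --config "$cfg" \
    --report-format json --report-path "$WORKDIR/gitleaks.json" || true
  grep -c '"RuleID"' "$WORKDIR/gitleaks.json" || true
}

scan_locally
```

Point the Path field at the directory the rule set should apply to (the repository root, in this example) and paste the TOML into Content. If the planted value is not reported locally, fix the regex or the entropy threshold before saving the configuration, since a rule that never matches gives a false sense of coverage.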