Configure Scanners


The Global Configuration feature allows users to centrally manage scanner settings across supported tools. It provides a unified location to configure tokens for Semgrep Pro and Snyk, and to define and maintain advanced rule sets for Semgrep and CodeQL. Additionally, it supports configuration of the Gitleaks scanner for secrets detection. This centralized approach streamlines the provisioning and management of scanner coverage across your assets.


Common Configuration Steps


Before configuring any scanner, follow these initial steps:

  1. Navigate to the Scanner Coverage page.

  2. Click the Actions button at the top right corner of the page.

  3. Click the Configure Scanners button.


1. CodeQL


To configure the CodeQL scanner:

  1. Complete the Common Configuration Steps.
  2. Select "Enable" for the CodeQL scanner.

  3. Click the Add Configuration button.

  4. Fill in the required fields, Configuration and Language. Optional parameters include Create Arguments and Analyze Arguments.

  5. Click the Save button to finalize the configuration.


2. Semgrep


To configure the Semgrep scanner:

  1. Complete the Common Configuration Steps.
  2. Select "Enable" for the Semgrep scanner.

  3. Click the Add Rule Set button to add the Rule Set (Name) and the corresponding Rule.

  4. Click the Save button to finalize the configuration.


3. Semgrep Pro


To configure the Semgrep Pro scanner:

  1. Complete the Common Configuration Steps.
  2. Select "Enable" for the Semgrep Pro scanner.

  3. Enter your Token and click the Add Rule Set button to add the Rule Set (Name) and the corresponding Rule.

  4. Click the Save button to finalize the configuration.


4. Snyk


To configure the Snyk scanner:

  1. Complete the Common Configuration Steps.
  2. Select "Enable" for the Snyk scanner.

  3. Enter the Token and click the Save button to finalize the details.


5. Gitleaks


To configure the Gitleaks scanner:

  1. Complete the Common Configuration Steps.
  2. Select "Enable" for the Gitleaks scanner.

  3. Click the Add Configuration button.

  4. Fill in the following fields:

    • Name

    • Path

    • Content (this should be the contents of your .gitleaks.toml file)

    The Validate Secrets option is selected by default.

  5. Click the Save button to finalize the configuration.
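
An illustrative .gitleaks.toml of the kind the Content field in step 4 expects. This is an added example, not taken from the product or from any real repository; the rule id, token format, dummy key and paths are constructed placeholders.

```toml
# Constructed example for the Content field. Every rule id, token format and
# path below is a placeholder to be replaced with your own values.
title = "Example organization Gitleaks config"

# Keep the built-in Gitleaks rules and layer custom ones on top. Without this
# block, a custom config replaces the default rule set entirely.
[extend]
useDefault = true

# Custom rule for a hypothetical internal token: "acme_" followed by 32
# alphanumerics, assigned to a key named acme_api_key (case-insensitive).
[[rules]]
id = "acme-internal-api-key"
description = "ACME internal API key (hypothetical format)"
regex = '''(?i)acme_api_key\s*[:=]\s*["']?(acme_[a-z0-9]{32})\b'''
# Report only capture group 1 (the token itself), not the whole assignment.
secretGroup = 1
# Cheap pre-filter: the regex runs only on content containing this keyword.
keywords = ["acme_api_key"]

# Global allowlist: keep it narrow so real leaks are not silenced.
[allowlist]
description = "Test fixtures and the documented dummy key"
# Skip files under any testdata/ directory.
paths = ['''(^|/)testdata/''']
# Ignore the all-zero dummy key used in documentation.
regexes = ['''acme_0{32}''']
```

Prefer anchored path patterns and exact dummy values in the allowlist over broad patterns such as whole file extensions, which would hide genuine findings.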