
Provisioning SCA Scanning


Provisioning Software Composition Analysis (SCA) scanning in BoostSecurity is straightforward and consistent across supported Source Code Management (SCM) systems such as GitHub, GitLab, Bitbucket, and Azure DevOps. Whether managing a single repository or a large-scale monorepo, you can configure SCA scanners using a centralized approach that ensures security coverage is automated, reproducible, and scalable.


Enable Scanning


SCA scanning can be enabled through the BoostSecurity UI, as described below.

By default, BoostSecurity provides a curated selection of scanners that can be toggled on or off per repository. These scanners can be triggered on different Git events, such as pushes to the main branch or during pull request workflows.


Via BoostSecurity UI


To provision SCA scanners for an SCM via the Boost UI:

  1. Navigate to the Scanner Coverage page.
  2. Select one or more repos to provision.

    Provision Repos

  3. Click the Action button at the top-right of the page and select Provisioning.

    Provisioning

  4. On the Provisioning action screen, there are two options:

    1. Easy Provisioning: By selecting the SCA checkbox on the Easy Provisioning tab, Boost automatically provisions the SCA scanner best suited to the repository or resource. It determines this by scanning the repos for environment variables, arguments, or vulnerabilities that may exist in them.

      Easy Provisioning

    2. Advanced Provisioning: By clicking on the Advanced tab, a user can manually select any of the available SCA scanners to provision against selected repos.

      Advanced Provisioning

  5. Click the Complete button to save changes.

  6. The SCA scanners are now provisioned and awaiting their first scan.

    SCA scanners


Regular Audits and Updates


Dependency and scanner ecosystems evolve. Periodically review and update:

  • Enabled scanners
  • Severity thresholds
  • Notification recipients
  • Custom flags or scan parameters

Doing so ensures your security posture remains current with minimal manual oversight.