You can achieve granular control over repository security through scan configurations. Tailor scans by managing branches, enabling/disabling scanners, customizing PR behavior, excluding paths, and managing repository deletion.
To access repository scan configurations:
Select → and search for the provider.
Select the relevant provider. You can see all the instances and their statuses.
Select an instance. The instance repositories and their statuses are displayed (including scan coverage).
Scan coverage indicates the scan engines that run against the repository, such as IaC, SCA, and Secrets.
Right-click on a selected repository and select Scan Configuration.
Configure scan settings:
Active Scanners:
Enable or disable Code Security scanners (IaC, SCA, Secrets).
Enable or disable Git history scans to automatically detect secrets still present in a repository’s past commits. By identifying these exposed credentials, you can proactively address risks and prevent potential data breaches.
Enable or disable secrets validation to check a detected secret’s activity status via public APIs. This allows you to prioritize and address only active, exposed secrets. Secrets validation scanning is available through the Cortex Cloud tenant and IDE extensions.
PR Scanning:
Scan PR: Enable security scans to automatically trigger on a pull request (PR) to identify potential security risks or misconfigurations before the code is merged.
Fail PR on scan error: Enable pull requests (PRs) to automatically fail on a scan error. This prevents security risks and misconfigurations from being merged.
Tagging Bot: Enable to automatically append a unique yor_traceID to resource and module blocks when a pull request is opened. This identifier enables precise code-to-cloud tracing throughout the software development lifecycle.
Exclude Path: Specify the files and directories to exclude from scanning.
Exclude directories: Enter folder names to exclude all files inside, such as node_modules/,tests/,dist/
Exclude files by pattern: Use wildcards: * for any number of characters, ? for a single character. For example, *.log excludes all log files and *.min.js excludes all minified JavaScript files.
Use a comma-separated list: Separate multiple exclusions with commas. For example, node_modules/,dist/,docs/
Avoid leading slashes: Use dist/, not /dist/
Click .
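The Exclude Path format described above (comma-separated directory names and wildcard file patterns, no leading slashes) can be checked locally before it is saved in the scan configuration. The following is an added example, not Cortex Cloud's own code; it assumes that a directory entry excludes everything beneath a folder of that name at any depth and that file patterns are matched against the file name, which are assumptions rather than documented product behaviour.

```python
import fnmatch
from typing import List, Tuple

def parse_exclusions(spec: str) -> Tuple[List[str], List[str]]:
    """Split a comma-separated exclusion list into directory names and file patterns.

    Entries ending in '/' are directories; everything else is a wildcard pattern.
    Whitespace and leading slashes are stripped, matching the guidance to write
    dist/ rather than /dist/.
    """
    dirs, patterns = [], []
    for raw in spec.split(","):
        entry = raw.strip().lstrip("/")
        if not entry:
            continue
        if entry.endswith("/"):
            dirs.append(entry.rstrip("/"))
        else:
            patterns.append(entry)
    return dirs, patterns

def is_excluded(path: str, spec: str) -> bool:
    """Return True if a repository-relative path would be skipped by the spec.

    Assumption (not from the product docs): a directory entry matches that folder
    anywhere in the path, and '*' / '?' patterns apply to the file's basename.
    """
    dirs, patterns = parse_exclusions(spec)
    parts = path.lstrip("/").split("/")
    folders, name = parts[:-1], parts[-1]
    # Wrap the folder chain in slashes so "tests" matches src/tests/ but not src/tests2/
    folder_chain = "/" + "/".join(folders) + "/"
    if any(f"/{d}/" in folder_chain for d in dirs):
        return True
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)

def filter_scan_targets(paths: List[str], spec: str) -> List[str]:
    """Return the paths that the scanners would still cover under the given spec."""
    return [p for p in paths if not is_excluded(p, spec)]

# Constructed sample repository listing and an exclusion list in the documented format.
SAMPLE_PATHS = ["main.tf", "node_modules/pkg/index.js", "src/app.min.js",
                "logs/app.log", "src/tests/unit.py", "dist/bundle.js", "src/app.js"]
SAMPLE_SPEC = "node_modules/,tests/,dist/,*.log,*.min.js"

if __name__ == "__main__":
    print(filter_scan_targets(SAMPLE_PATHS, SAMPLE_SPEC))  # ['main.tf', 'src/app.js']
```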