compliance-scanner-agent/docs/guide/repositories.md
Sharang Parnerkar 94552d1626
Add VitePress documentation site with complete user guides
Covers getting started, repositories, scanning, findings, configuration,
SBOM, code graph, impact analysis, DAST, AI chat, issue tracker integration,
Docker deployment, environment variables, Keycloak auth, and OpenTelemetry.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 01:18:58 +01:00

Adding Repositories

Repositories are the core resource in Compliance Scanner. Each tracked repository is scanned on a schedule and its results are available across all features.

Adding a Repository

  1. Navigate to Repositories in the sidebar
  2. Click Add Repository at the top of the page
  3. Fill in the form:
    • Name — A display name for the repository
    • Git URL — The clone URL (HTTPS or SSH), e.g. https://github.com/org/repo.git
    • Default Branch — The branch to scan, e.g. main or master
  4. Click Add

The repository appears in the list immediately. It will not be scanned until you trigger a scan manually or the next scheduled scan runs.

::: tip
For private repositories, configure a GitHub token (GITHUB_TOKEN) or GitLab token (GITLAB_TOKEN) in your environment. The agent uses these tokens when cloning.
:::
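Because the Git URL is displayed in the repository list and private-repository tokens belong in the environment, it helps to check a clone URL before submitting it. The following is an added example, not part of Compliance Scanner; the function names `check_clone_url` and `redact` are hypothetical and the sample URLs are constructed:

```python
import re
from urllib.parse import urlsplit

# scp-style SSH remote, e.g. git@github.com:org/repo.git (no scheme).
SCP_STYLE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+:[^\s@]+$")


def check_clone_url(url: str) -> list[str]:
    """Return the problems found in a clone URL; an empty list means it passes."""
    url = url.strip()
    if SCP_STYLE.match(url):
        return []  # key-based SSH: nothing secret is carried in the URL
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]

    problems = []
    if parts.scheme not in ("https", "ssh"):
        problems.append(f"scheme {parts.scheme or '(none)'!r} is not HTTPS or SSH")
    if not parts.hostname:
        problems.append("no host")
    if parts.path in ("", "/"):
        problems.append("no repository path")
    # An HTTPS URL needs no userinfo at all; an SSH URL may name a user
    # (git@) but must never carry a password.
    if parts.password is not None or (parts.scheme == "https" and parts.username):
        problems.append("credentials embedded in URL; set GITHUB_TOKEN or GITLAB_TOKEN instead")
    return problems


def redact(url: str) -> str:
    """Drop any userinfo so a rejected URL can be logged without leaking a token."""
    parts = urlsplit(url.strip())
    return parts._replace(netloc=parts.netloc.rpartition("@")[2]).geturl()


if __name__ == "__main__":
    # Constructed sample inputs; EXAMPLE_TOKEN is a placeholder, not a real secret.
    for candidate in (
        "https://github.com/org/repo.git",
        "git@github.com:org/repo.git",
        "https://user:EXAMPLE_TOKEN@github.com/org/repo.git",
        "http://github.com/org/repo.git",
    ):
        issues = check_clone_url(candidate)
        print(redact(candidate) if issues else candidate, "->", issues or "ok")
```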

Repository List

The repositories page shows all tracked repositories with:

| Column | Description |
|--------|-------------|
| Name | Repository display name |
| Git URL | Clone URL |
| Branch | Default branch being scanned |
| Findings | Total number of security findings |
| Last Scanned | Relative timestamp of the most recent scan |

Triggering a Scan

Click the Scan button on any repository row to trigger an immediate scan. The scan runs in the background through all phases (clone, SAST, SBOM, CVE, graph). You can monitor progress on the Overview page under recent scan runs.

Deleting a Repository

Click the Delete button on a repository row. A confirmation dialog appears warning that this action permanently removes:

  • All security findings
  • SBOM entries and vulnerability data
  • Scan run history
  • Code graph data
  • Embedding vectors (for AI chat)
  • CVE alerts

This action cannot be undone.

Automatic Scanning

Repositories are scanned automatically on a schedule configured by the SCAN_SCHEDULE environment variable (cron format). The default is every 6 hours:

SCAN_SCHEDULE=0 0 */6 * * *

CVE monitoring runs on a separate schedule (default: daily at midnight):

CVE_MONITOR_SCHEDULE=0 0 0 * * *