Global Settings

In the global settings, changes can be made to various Kondukto configurations. The working principles of Kondukto are affected by these configurations and, therefore, should be adjusted with care.


Before modifying any of these settings, make sure you understand their implications. If anything is unclear, contact the support team.

If these configurations are not handled correctly, the stability of your Kondukto product may be affected.

Concurrency

In the Concurrency section, the number of concurrent imports and scans can be adjusted.

Manually Added Vulnerabilities

By default, manually added vulnerabilities can only be closed through the Kondukto UI, which requires user action. If you prefer that closing the linked issue in the issue manager also closes the vulnerability, enable this configuration. The two options are:

Vulnerabilities can be closed manually on Kondukto (default).

Once vulnerabilities are closed on the issue manager, they will be closed on Kondukto as well.

CVSS Mapping

In this section, the CVSS scores assigned to each severity category can be defined. Kondukto's default CVSS scores are as follows.

Deduplication

Kondukto can deduplicate results coming from the SAST, SCA, and CS scanner categories.

When the same vulnerability is discovered by multiple scanners, the scanner priority list decides which scanner's finding becomes the master vulnerability. This priority list must be defined.

Git Matcher

The developers who committed the vulnerabilities to the source code are identified by the Git Matcher. This functionality is only available for SAST and IaC scanners.

Two options for Committer are available:

Code Owner: the person who wrote the vulnerable line of code.

Last Push Owner: the person who last pushed a commit to the file in which the vulnerability is located.

Feature Branch Mgmt.

Using this capability, vulnerabilities discovered in scans whose environment is set to Feature can be deleted automatically by Kondukto after the retention period (in days). This global setting applies the rule to the entire organization. The rule defined here at the global level can be overridden at the project level under project settings.

The source branch can also be set at the global level if a specific branch is used consistently across the entire organization, against which vulnerabilities discovered in feature branches are compared.

As an example, if the source branch is set to "develop" at the global level, all vulnerabilities discovered in feature environments will be compared against the vulnerabilities discovered in the develop branch of the scanned project, and all actions taken on vulnerabilities in the develop branch (i.e. issue assignment, screenshots, false positive or risk accepted markings) will be reflected on the vulnerabilities in feature branches, preventing double triage or remediation effort.
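The following is an added illustration of the feature-branch behaviour described above; it is not Kondukto's own code. It assumes that two findings are "the same" when their rule identifier and file path agree, and that triage state is carried in a `status` field and a linked `issue_key`; both are assumptions made for this example, and the sample findings are constructed.

```python
from dataclasses import dataclass, replace
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    vuln_id: str                   # rule / CWE identifier (assumed part of the match key)
    path: str                      # file containing the vulnerable line (assumed key part)
    branch: str
    environment: str               # "feature" or any other environment
    discovered: date
    status: str = "open"           # "open", "false_positive", "risk_accepted", "closed"
    issue_key: Optional[str] = None  # linked issue-manager ticket, if any

    @property
    def match_key(self) -> Tuple[str, str]:
        # Assumption for this example: same rule + same file means the same vulnerability.
        return (self.vuln_id, self.path)


def apply_source_branch_triage(feature: List[Finding], source: List[Finding]) -> List[Finding]:
    """Reflect triage decisions taken on the source branch (e.g. "develop") onto
    matching feature-branch findings, so the same finding is not triaged twice."""
    by_key = {f.match_key: f for f in source}
    merged = []
    for f in feature:
        src = by_key.get(f.match_key)
        if src is None or f.status != "open":
            merged.append(f)  # no counterpart on the source branch, or already triaged here
        else:
            merged.append(replace(f, status=src.status, issue_key=src.issue_key))
    return merged


def expired_feature_findings(findings: List[Finding], retention_days: int, today: date) -> List[Finding]:
    """Feature-environment findings older than the retention period; these are the
    ones the global rule would have deleted automatically."""
    cutoff = today - timedelta(days=retention_days)
    return [f for f in findings if f.environment == "feature" and f.discovered < cutoff]


# Constructed sample data: one SQLi finding already marked false positive on develop.
DEVELOP = [
    Finding("CWE-89", "app/db.py", "develop", "production", date(2024, 1, 10), "false_positive", "SEC-12"),
    Finding("CWE-79", "app/views.py", "develop", "production", date(2024, 1, 10)),
]
FEATURE = [
    Finding("CWE-89", "app/db.py", "feature/login", "feature", date(2024, 3, 1)),
    Finding("CWE-22", "app/files.py", "feature/login", "feature", date(2024, 1, 1)),
]
```

Running `apply_source_branch_triage(FEATURE, DEVELOP)` carries the false-positive marking and ticket onto the feature-branch SQLi finding, while `expired_feature_findings(FEATURE, 30, date(2024, 3, 5))` flags only the path-traversal finding discovered before the 30-day window.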