New scanners can be added to a project in this window. For a scanner to be available on the drop-down menu, it should first be activated under Integrations.

📘

The "Define max. scan duration" section sets the maximum time (in minutes) a scan can run in the project. If a scan takes longer than this time, Kondukto automatically cancels the scan. Kondukto measures the scan duration by adding up the total time spent on the "Starting" and "Running" stages of a scan.

It is also possible to edit the settings of an existing scanner or delete a scanner from a project in this section.

🚧

Deleting a scanner from the project results in deleting all vulnerabilities previously discovered by that scanner.

If an open-source scanner is added to a project, the source control section must be filled out first.

When a scanner is selected and the "Add" button is clicked, most commercial scanners require a project that already exists on the scanner to be mapped onto the project on Kondukto. Checkmarx is the exception: projects can be created on Checkmarx via the Kondukto interface.

Scans can be scheduled using a scheduler or webhooks in the software development lifecycle. For the webhook to function correctly, the secret key generated by Kondukto should be entered in the ALM tool.

If webhooks are used in a busy project where many pull requests or merge attempts occur in short periods, scheduled webhooks can be used. When set to a specific time of the day, scheduled webhooks check whether the desired event has been triggered within the last 24 hours to decide whether to start a daily scan or not.