Scanners

New scanners can be added to a project in this window. For a scanner to be available on the drop-down menu, it should first be activated under Integrations.

It is also possible to edit the settings of an existing scanner or delete a scanner from a project in this section.

🚧

Deleting a scanner from the project results in deleting all vulnerabilities previously discovered by that scanner.

If an open-source scanner is added to a project, the source control section must be filled out first.

When a scanner is selected and the "Add" button is clicked, for most commercial scanners (except for Checkmarx, where projects can be created on Checkmarx via the Kondukto interface), a project that is already available on the scanner needs to be mapped to the project on Kondukto.

Scans can be scheduled using a scheduler or webhooks in the software development lifecycle. For the webhook to function correctly, the secret key generated by Kondukto in the ALM tool should be entered.

If webhooks are used in a busy project where many pull requests or merge attempts occur in short periods, scheduled webhooks can be used. When set to a specific time of the day, scheduled webhooks check whether the desired event has been triggered within the last 24 hours to decide whether to start a daily scan or not.