Via the scanners section, users can introduce a new scanner to the project, edit the settings of an existing one, or delete a scanner from a project. Deleting a scanner from the project also deletes all vulnerabilities previously discovered by that scanner.
If an open-source scanner needs to be added to a project, you must fill out the source control section first. You must fill in the branch and tag fields before proceeding with the open-source scanners.
When a scanner is selected and the "Add" button is clicked, for most commercial scanners a project that is already available on the scanner needs to be mapped to the project on Kondukto. The exception is Checkmarx, where projects can be created on Checkmarx via the Kondukto interface.
Scans can be scheduled using a scheduler or webhooks in the software development lifecycle. You must enter the secret key generated by Kondukto in the ALM tool for the webhook to function correctly. If webhooks are used in a busy project where many pull requests or merge attempts occur in a short amount of time, you can use scheduled webhooks. When set to a specific time of the day, scheduled webhooks check whether the desired event has been triggered within the last 24 hours to decide whether to start a daily scan.
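A minimal model of the scheduled-webhook behaviour described above, added here as an illustration and not Kondukto's own code. The `ScheduledWebhook` class, its method names and the GitHub-style `sha256=` HMAC signature check are assumptions; the page only states that a secret key is shared with the ALM tool and that the scheduled run looks back 24 hours.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=24)  # look-back period stated in the text


def signature_ok(secret: bytes, body: bytes, header: str) -> bool:
    """Assumed GitHub-style 'sha256=<hex>' HMAC over the raw request body."""
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header)  # constant-time comparison


class ScheduledWebhook:
    """Hypothetical model: record authenticated events, scan at most once a day."""

    def __init__(self, secret: bytes, wanted_event: str):
        self.secret = secret
        self.wanted_event = wanted_event
        self.last_seen = None  # time of the newest accepted event

    def receive(self, event: str, body: bytes, header: str, at: datetime) -> bool:
        # Drop deliveries not signed with the shared secret, or of another event type.
        if not signature_ok(self.secret, body, header) or event != self.wanted_event:
            return False
        self.last_seen = max(self.last_seen or at, at)
        return True

    def should_scan(self, run_at: datetime) -> bool:
        # Called once at the configured time of day: scan only if a wanted
        # event arrived within the previous 24 hours.
        return (self.last_seen is not None
                and timedelta(0) <= run_at - self.last_seen <= WINDOW)


def demo():
    secret = b"constructed-secret"           # constructed sample value
    body = b'{"action":"opened"}'            # constructed payload
    hook = ScheduledWebhook(secret, "pull_request")
    t0 = datetime(2024, 1, 1, 2, 0, tzinfo=timezone.utc)  # daily run time
    good = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    results = [hook.should_scan(t0)]                              # no events yet
    hook.receive("pull_request", body, "sha256=" + "0" * 64, t0)  # bad signature
    results.append(hook.should_scan(t0 + WINDOW))
    for h in (3, 4, 9):                                           # burst of pull requests
        hook.receive("pull_request", body, good, t0 + timedelta(hours=h))
    results.append(hook.should_scan(t0 + WINDOW))                 # one scan for the burst
    results.append(hook.should_scan(t0 + 2 * WINDOW))             # quiet day, no scan
    return results
```

In the demo, three signed pull-request events within one day lead to a single scan at the next scheduled run, while the unsigned delivery and the following quiet day trigger nothing.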
Updated 7 months ago