# Scan Summary Reports

### Configuration

An SCM access token is necessary to enable the creation of comments against pull requests. A personal access token may be used for this purpose, but we highly recommend that a service user be created and managed by the administrator of your SCM. A PAT for the service user requires only `repo` rights to the repositories on which PR comments will be created. 

The new access token will need to be added as a secure environment variable build system as `SCM_AUTH_TOKEN`

{% hint style="info" %}
Scans must be launched as a result of a git pull/merge request originating from your SCM. 
{% endhint %}

Summary reports are created as a comment attached to your pull/merge request. They include quantitative summary data for Vulnerabilities, Licenses, Asset composition, and associated policy violations. Users may click the project name to be redirected directly to the project page to review the full scan results. 

<figure><img src="https://3093892275-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MbsieSiu0D66DBFP4uh%2Fuploads%2FjyhhiCjPKx00cONGg4Sv%2Fimage.png?alt=media&#x26;token=d366cf3c-26af-4869-8d78-4362e38f7dd7" alt=""><figcaption></figcaption></figure>

See [Installation & Configuration](https://docs.threatrix.io/threat-agent/install-config) for more details.&#x20;