Scan Summary Reports

Scan summary reports are posted directly into a pull/merge request and let your team quickly assess the risk and policy violations found by the most recent build-integrated scan, without leaving the review.

Configuration

An SCM access token is required so that comments can be posted on pull requests. A personal access token (PAT) may be used for this purpose, but we strongly recommend a dedicated service user, created and managed by the administrator of your SCM, so that comments are not tied to an individual's account and the token can be rotated or revoked independently. The service user's PAT needs only repo rights on the repositories where PR comments will be created; grant nothing broader.

Add the new access token to your build system as a secure (masked) environment variable named SCM_AUTH_TOKEN, not as a plain value in the pipeline definition or in source control.

Scans must be launched in response to a git pull/merge request originating from your SCM; the report is attached to that request, so a scan triggered by a plain branch push has nowhere to post its comment.
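The three configuration requirements above (a token scoped to repo only, exposed as SCM_AUTH_TOKEN, used from a PR-triggered build) can be checked before the scanner runs. The following pre-scan guard is an added example and is not part of the product; it assumes a GitHub classic PAT, whose granted scopes GitHub reports in the X-OAuth-Scopes response header of https://api.github.com/user, and it recognises a PR build by the GITHUB_EVENT_NAME (GitHub Actions) or CI_MERGE_REQUEST_IID (GitLab CI) variables. Fine-grained GitHub tokens do not return that header, so for them the scope check reports "cannot verify" rather than passing silently.

```shell
#!/bin/sh
# Pre-scan guard for SCM_AUTH_TOKEN (added example, not the product's own code).
# Assumptions: GitHub classic PAT (scopes in the X-OAuth-Scopes header);
# GITHUB_EVENT_NAME / CI_MERGE_REQUEST_IID mark a pull/merge request build.

# Returns 0 when the comma-separated scope list (as GitHub reports it) is exactly
# the "repo" scope and nothing broader. Any extra scope means an over-privileged token.
scopes_are_minimal() {
    scopes=$(printf '%s' "$1" | tr -d ' ')
    has_repo=1
    old_ifs=$IFS; IFS=','
    for s in $scopes; do
        case "$s" in
            repo) has_repo=0 ;;
            '') ;;
            *) IFS=$old_ifs; return 1 ;;   # anything else: over-privileged
        esac
    done
    IFS=$old_ifs
    return $has_repo
}

# Returns 0 when the current build was triggered by a pull/merge request.
build_is_pull_request() {
    case "${GITHUB_EVENT_NAME:-}" in
        pull_request|pull_request_target) return 0 ;;
    esac
    [ -n "${CI_MERGE_REQUEST_IID:-}" ]
}

# Extracts the scope list from a raw HTTP header block (so a captured response can be
# checked offline). Prints nothing when the header is absent (e.g. fine-grained tokens).
extract_scopes_header() {
    printf '%s\n' "$1" | tr -d '\r' | grep -i '^x-oauth-scopes:' | sed 's/^[^:]*: *//'
}

# Live lookup of the token's scopes; only used when the guard is run for real.
fetch_scope_headers() {
    curl -sS -I -H "Authorization: token $SCM_AUTH_TOKEN" https://api.github.com/user
}

# Full guard: 0 = safe to scan, 1 = misconfigured, 2 = token scopes could not be verified.
check_token() {
    if [ -z "${SCM_AUTH_TOKEN:-}" ]; then
        echo "SCM_AUTH_TOKEN is not set; PR comments cannot be created" >&2
        return 1
    fi
    if ! build_is_pull_request; then
        echo "build was not triggered by a pull/merge request; nothing to comment on" >&2
        return 1
    fi
    scopes=$(extract_scopes_header "$(fetch_scope_headers)")
    if [ -z "$scopes" ]; then
        echo "no X-OAuth-Scopes header; not a classic PAT, verify repository access manually" >&2
        return 2
    fi
    if ! scopes_are_minimal "$scopes"; then
        echo "token scopes '$scopes' exceed the required 'repo'; re-issue the PAT" >&2
        return 1
    fi
    return 0
}

# Run the live guard only when explicitly requested, e.g. RUN_TOKEN_CHECK=1 sh guard.sh
if [ "${RUN_TOKEN_CHECK:-}" = 1 ]; then
    check_token
fi
```

Run it as the first step of the PR pipeline, before the scanner, and fail the job on a non-zero exit; exit code 2 is worth surfacing as a warning so that a fine-grained token is not mistaken for a passing check.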

Summary reports are posted as a comment attached to your pull/merge request. They include quantitative summary data for Vulnerabilities, Licenses, Asset composition, and the associated policy violations. Click the project name in the comment to go directly to the project page and review the full scan results.

See Installation & Configuration for more details.
