# Scan Summary Reports

### Configuration

An SCM access token is necessary to enable the creation of comments against pull requests. A personal access token may be used for this purpose, but we highly recommend that a service user be created and managed by the administrator of your SCM. A PAT for the service user requires only `repo` rights to the repositories on which PR comments will be created.&#x20;

The new access token will need to be added as a secure environment variable build system as `SCM_AUTH_TOKEN`

{% hint style="info" %}
Scans must be launched as a result of a git pull/merge request originating from your SCM.&#x20;
{% endhint %}

Summary reports are created as a comment attached to your pull/merge request. They include quantitative summary data for Vulnerabilities, Licenses, Asset composition, and associated policy violations. Users may click the project name to be redirected directly to the project page to review the full scan results.&#x20;

<figure><img src="/files/yJaN4p2XSuMCUXeHx19E" alt=""><figcaption></figcaption></figure>

See [Installation & Configuration](/threat-agent/install-config.md) for more details.&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.threatrix.io/threat-agent/scan-summary-reports.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.