Project Configuration

Configure CodeThreat settings for your repositories through the dashboard.
Project-specific settings are managed in the repository settings page. Organization-wide defaults can be configured in organization settings.

Available Settings

Scan Configuration

Configure which security checks run for your repository:
  • SAST: Static application security testing
  • SCA: Software composition analysis
  • Secrets: Credential and token detection
  • IaC: Infrastructure as code security

Scan Triggers

Configure when scans run automatically:
  • On push: Scan main branch on every push
  • On pull request: Scan PRs automatically
  • Scheduled: Run scans on a schedule

File Exclusions

Exclude files or directories from scanning:
  • Test files and directories
  • Build artifacts
  • Dependencies (node_modules, vendor, etc.)
  • Configuration files

Configuration Hierarchy

Settings are applied in the following order:
  1. Organization defaults - Set in organization settings
  2. Repository settings - Configured per repository
  3. Scan settings - Override for specific scans
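The precedence above and the File Exclusions list can be modelled as a layered merge. The block below is an added illustration, not CodeThreat's own code: the layer dictionaries, `resolve_settings` and `is_excluded` are assumptions, as is the choice that exclusion lists accumulate across layers rather than replace one another.

```python
from fnmatch import fnmatch

# Constructed example layers (assumed structure, not CodeThreat's format).
# Lowest precedence first: organization defaults < repository settings
# < per-scan override. A key absent from a layer inherits from below.
ORG_DEFAULTS = {
    "scans": {"SAST": True, "SCA": True, "Secrets": True, "IaC": False},
    "triggers": {"on_push": True, "on_pull_request": True, "scheduled": False},
    "exclusions": ["node_modules/*", "vendor/*"],
}
REPO_SETTINGS = {
    "scans": {"IaC": True},            # repo enables IaC scanning
    "exclusions": ["dist/*", "build/*"],  # build artifacts, per Best Practices
}
SCAN_OVERRIDE = {
    "scans": {"SCA": False},           # one specific scan skips SCA
}


def resolve_settings(*layers):
    """Merge layers in precedence order; later layers override keys they set.
    Assumption: exclusion patterns accumulate instead of replacing."""
    effective = {"scans": {}, "triggers": {}, "exclusions": []}
    for layer in layers:
        for section in ("scans", "triggers"):
            effective[section].update(layer.get(section, {}))
        for pattern in layer.get("exclusions", []):
            if pattern not in effective["exclusions"]:
                effective["exclusions"].append(pattern)
    return effective


def is_excluded(path, exclusions):
    """True if a repository-relative path matches any exclusion glob.
    fnmatch's '*' also matches '/', so 'dist/*' covers nested paths."""
    return any(fnmatch(path, pattern) for pattern in exclusions)


def enabled_scans(effective):
    """Names of the scan types that are on after all layers are applied."""
    return sorted(name for name, on in effective["scans"].items() if on)


if __name__ == "__main__":
    cfg = resolve_settings(ORG_DEFAULTS, REPO_SETTINGS, SCAN_OVERRIDE)
    print("enabled:", enabled_scans(cfg))
    print("exclusions:", cfg["exclusions"])
    print("skip node_modules/lodash/index.js:",
          is_excluded("node_modules/lodash/index.js", cfg["exclusions"]))
```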

Best Practices

Start Conservative

Begin with stricter settings and adjust based on results.

Exclude Build Artifacts

Exclude dist, build, and node_modules directories.

Next Steps