Automated Scanning

Automate security scanning to catch vulnerabilities as soon as they’re introduced.

​

Scan Workflow Overview

CodeThreat runs scans automatically in two scenarios:

​

Why Automate Scanning?

---

​

Scan Triggers

CodeThreat automatically triggers scans based on repository events:

​

On Push

Scan whenever code is pushed to tracked branches. Use case: Continuous monitoring of main branches (main, develop, staging). Configuration: Enable in Repository Settings → Automation Behavior:

• Commit pushed → Webhook fires → Scan triggered
• Scan results appear in dashboard within minutes
• Team notified of new violations (if configured)

​

On Pull Request

Scan pull requests before merging to prevent vulnerable code from entering main branches. Use case: Security gate in code review process. Configuration: Enable in Repository Settings → Automation Behavior:

• PR created/updated → Scan triggered
• Only changed files analyzed (faster)
• Results posted as PR check
• Comments added to vulnerable lines (if enabled)

---

​

Setting Up Automated Scanning

---

​

Webhook Health

Automated scanning relies on webhooks. Ensure webhooks are functioning:

​

Verify Webhook Status

• GitHub: Repository → Settings → Webhooks → Check recent deliveries
• GitLab: Project → Settings → Webhooks → Test webhook
• Azure DevOps: Project → Service hooks → Test hook

​

Troubleshooting

• Verify webhook URL is correct
• Check webhook is active in VCS settings
• Ensure repository has webhook configured
• Check firewall allows webhook connections

---

​

Best Practices

• Enable on-push scanning for default branch
• Enable PR scanning for all repositories
• Monitor webhook health regularly
• Configure notifications for critical findings

---

​

Next Steps