ScanSuite

Performing a static code analysis

Static code analysis includes the use of various security and quality tools, such as:

  • SAST (Static Application Security Testing) tools

  • Secrets scanning

  • Dependency checks (SCA)

  • Infrastructure as Code (IACS) scanners

Scan Types Supported

The system supports both on-demand (single) and scheduled scans. Additionally, you can configure repository monitoring to periodically check for updates in a target repository and automatically perform incremental scans on any new changes.


Step-by-Step Instructions

1. Create a Product

Before initiating a scan, create a new product as described on the previous page of the documentation.


2. Provide Source Code

You can supply the source code in one of the following ways:

  • ZIP Archive: Upload a compressed folder containing one or more source code directories.

  • Git Repository Path: Specify the repository URL (both HTTPS and SSH formats are supported).

📌 If the repository requires authentication, refer to the next page for setup instructions.


3. Configure the Static Analysis

Navigate to the Static Analysis tab and:

  • Upload the ZIP archive or enter the Git repository path.

  • Select the main programming language of the project.

  • Choose any additional multi-language scanners you wish to include.

ℹ️ Language-specific scanners will automatically be triggered based on the selected Main Language.



4. Submit the Scan

  • Confirm that the Engagement ID matches the one created during product setup.

  • Click “Submit” to start the scan.
