ScanSuite

Git repository authentication

To analyze source code from private repositories, you can authenticate access using SSH keys.

🔒 Currently, SSH key authentication is the only supported method for accessing protected repositories.


Step-by-Step Instructions

1. Generate an SSH Key

  • Create a new SSH key using a standard tool like ssh-keygen.

  • Do not use a passphrase when generating the key — passphrase-protected SSH keys are not supported.

⚠️ Important: Omit the passphrase during SSH key creation to ensure compatibility.


2. Add the SSH Key to Your Repository Host

Add the public SSH key to your version control platform (e.g., GitLab, Bitbucket, or GitHub):

  • In GitLab: Settings → SSH Keys

  • In Bitbucket: Personal Settings → SSH Keys


3. Add the Private Key to Your Account

  1. Navigate to Current User → Settings in the application.

  2. Paste the private SSH key into the designated input field.

✅ Ensure the key format matches the example shown. The pasted key must start and end with these marker lines:

  • -----BEGIN OPENSSH PRIVATE KEY-----

  • -----END OPENSSH PRIVATE KEY-----

  3. Click Save to store your SSH key.


4. Specify the Repository in Static Analysis

Proceed to the Static Analysis tab and enter your Git repository path using the SSH format:

git@mydomain.com:username/reponame.git

This path format allows the platform to securely access and analyze the private repository.
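The requirements in steps 1 to 4 can be checked locally before the key is pasted. The following is an added example, not part of ScanSuite or its documentation: it reads the OpenSSH key envelope to confirm the key has no passphrase and checks that the repository path uses the SSH form. All function names are hypothetical, and the sample key is a constructed, non-functional envelope.

```python
import base64
import re
import struct

BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\0"
# scp-style SSH path as in step 4, e.g. git@mydomain.com:username/reponame.git
SSH_PATH = re.compile(r"[\w.-]+@[\w.-]+:[\w./~-]+")

def _read_string(buf, off):
    """Read one uint32-length-prefixed string from the key envelope."""
    if off + 4 > len(buf):
        raise ValueError("truncated key data")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:end], end

def check_private_key(pem):
    """Return a list of problems; an empty list means the key meets the documented requirements."""
    lines = [ln.strip() for ln in pem.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        return ["not wrapped in OPENSSH PRIVATE KEY markers"]
    try:
        raw = base64.b64decode("".join(lines[1:-1]), validate=True)
        if not raw.startswith(MAGIC):
            return ["body is not an openssh-key-v1 envelope"]
        cipher, off = _read_string(raw, len(MAGIC))
        kdf, _ = _read_string(raw, off)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return [f"cannot decode key body: {exc}"]
    if cipher != b"none" or kdf != b"none":
        return [f"key is passphrase-protected (cipher={cipher.decode(errors='replace')})"]
    return []

def check_repo_path(path):
    """True if the path uses the SSH form from step 4 rather than an https:// URL."""
    return bool(SSH_PATH.fullmatch(path))

def make_sample_key(cipher=b"none", kdf=b"none"):
    """Constructed, non-functional envelope (dummy key bytes) for exercising the checks."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1) + s(b"\0" * 32) + s(b"\0" * 64)
    return "\n".join([BEGIN, base64.b64encode(body).decode(), END])
```

Because the key is stored without a passphrase, generate a dedicated key for ScanSuite rather than reusing a personal one.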


Last updated 3 days ago