Skip to main content

Running a Scan


Initiating a scan is possible only within an existing project.

There are three options to scan a source file:

  • Scan a source file from a repository URL.

  • Scan a source file from a zipped file.

  • Scan an existing project (repository URL/zipped file).

To run a scan:

  1. On the Application and Projects home page select the Projects tab (default).

  2. In the row of the project that you would like to scan, click Scans.png Scan.


    The New Scan window opens. By default, under Project Name, the project of the row in which you clicked Scans.png Scan is selected.



    If you would like to scan a different project, it is possible to select a different project from the drop-down menu.

  3. In the Source to Scan section, there are 2 scan options:

    1. Scan from a zipped file:

      • With the File option selected (default), click the Select File link.

      • Select the requested zip archive file.

    2. Scan a Repository URL:

      • Click the Repository button.

      • Enter the Repository URL.

      • Click Fetch Branches button.

    3. Type your Personal Access Token and click Login

      For example:

    4. In case that the Token is incorrect, an error will be presented while trying to connect.

      For example:

  4. Under Scan Tags, add a tag to the new scan (optional)..

    Tags can be added in two different formats:

    Label: <string>

    key:value: <key string:value string>

  5. Select Completed.png Incremental Scan, if you want to only scan the latest changes and not the entire project.For additional information on Incremental scans, refer to Incremental Scans (SAST Scanner).

  6. Click Next. The New Scan dialog appears and you are asked to select the scanners.

  7. Select one or more scanners.

  8. Click Scan. The New Scan dialog closes and the scan starts.

  9. You can monitor the scan's status in the Projects tab.



  • Only API Security and SAST support incremental scans. If you select additional scanners for an Incremental Scan, a full scan is performed instead.

  • API Security currently supports Java - Spring 2.x and C# - ASP.NET 4.x Web API only.

  • If you select API Security, SAST is selected as well because API Security utilizes the SAST code to detect APIs.