Skip to main content

Creating a New Project and Scanning from a Repository URL


  • Initiating a scan is possible only within an existing project.

  • API Security currently supports Java - Spring 2.x and C# - ASP.NET 4.x Web API only.

To open the New Scan dialog:

  1. In the Application and Projects home page click Projects.

  2. Click <Scans.png Scan>. The New Scan dialog appears.


To define the new scan:


Mandatory fields are marked with red_asterix.png.

  1. In the New Scan dialog, enter the name of the project, if it is a new project. If it is an existing project, select it from the drop-down list.



    If the project doesn’t exist, the option to create it will be automatically presented.

  2. Type the desired name for the project in the Project Name field, for example Test_J, and then enter it by clicking Create New Project “genric_type”.

  3. Click on Create New Project


    Once creating a new Project, the Incremental_Scan.png checkbox is greyed out. For additional information on incremental scans, refer to Incremental Scans (SAST Scanner).

  4. Under Source to Scan , select Repository.

  5. Enter the Repository URL and click <Fetch Branches>.


    For private repositories, a Token field is added as well.

  6. Under Branch, select the branch to be scanned. You can scan the master branch or any branch below it in the repository.

  7. Under Scan Tags, add a tag to the new scan (optional).

    Tags are optional in 2 different formats:

    Label: <string>

    key:value: <string:string>

  8. Check Completed.png Save as default repository for the project. It is possible to set the Repository details (URL + Token) as default.

    The details will be saved in the Project Settings - Configuring General Project Settings.

  9. Click <Next>. The New Scan dialog appears and you are asked to select the scanners.

  10. Select one or more scanners.

  11. Click <Scan>. The New Scan dialog closes and the scan starts.



  • If you select API Security, SAST is selected as well as API Security utilizes the SAST code to detect APIs.

  • Creating a new project and scanning a file may take a few minutes.