Adding Repositories
Repositories are the core resource in Compliance Scanner. Each tracked repository is scanned on a schedule and its results are available across all features.
Adding a Repository
- Navigate to Repositories in the sidebar
- Click Add Repository at the top of the page
- Fill in the form:
- Name — A display name for the repository
- Git URL — The clone URL (HTTPS or SSH), e.g.
https://github.com/org/repo.git - Default Branch — The branch to scan, e.g.
mainormaster
- Click Add
The repository appears in the list immediately. It will not be scanned until you trigger a scan manually or the next scheduled scan runs.
TIP
For private repositories, configure a GitHub token (GITHUB_TOKEN) or GitLab token (GITLAB_TOKEN) in your environment. The agent uses these tokens when cloning.
Repository List
The repositories page shows all tracked repositories with:
| Column | Description |
|---|---|
| Name | Repository display name |
| Git URL | Clone URL |
| Branch | Default branch being scanned |
| Findings | Total number of security findings |
| Last Scanned | Relative timestamp of the most recent scan |
Triggering a Scan
Click the Scan button on any repository row to trigger an immediate scan. The scan runs in the background through all phases (clone, SAST, SBOM, CVE, graph). You can monitor progress on the Overview page under recent scan runs.
Deleting a Repository
Click the Delete button on a repository row. A confirmation dialog appears warning that this action permanently removes:
- All security findings
- SBOM entries and vulnerability data
- Scan run history
- Code graph data
- Embedding vectors (for AI chat)
- CVE alerts
This action cannot be undone.
Automatic Scanning
Repositories are scanned automatically on a schedule configured by the SCAN_SCHEDULE environment variable (cron format). The default is every 6 hours:
SCAN_SCHEDULE=0 0 */6 * * *CVE monitoring runs on a separate schedule (default: daily at midnight):
CVE_MONITOR_SCHEDULE=0 0 0 * * *