Overview
Scanner settings control how ZeroPath scans your repositories: which tools run, how findings are filtered, how PRs are handled, and when scheduled scans execute. Settings follow a cascading inheritance model.
Settings Inheritance
Settings are applied in a three-level cascade:
- Organization settings apply to all repositories as the default baseline.
- Tag settings override organization defaults for repositories carrying that tag. Tags have a priority order: when a repository carries several tags, the settings of the higher-priority tag override those of the lower-priority ones.
- Repository settings override everything for a specific repository.
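The cascade is easiest to reason about as "each level contributes only the keys it explicitly sets, and later levels write over earlier ones". The resolver below is an added illustration written for this page, not ZeroPath's own code; the setting names mirror the tables on this page, the sample organization, tags and repository are constructed, and the alphabetical tie-break between tags of equal priority is an assumption of the example rather than documented behaviour.

```python
"""Illustrative resolver for a three-level settings cascade (org -> tag -> repo)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class TagSettings:
    name: str
    priority: int                                  # higher number wins over lower
    values: dict = field(default_factory=dict)     # only keys explicitly set at this level


def _applicable_tags(tags, repo_tags):
    """Tags attached to this repository, lowest priority first (so the highest writes last).

    Ties on priority are broken alphabetically by name: an assumption of this
    example, not documented behaviour.
    """
    wanted = set(repo_tags)
    return sorted((t for t in tags if t.name in wanted), key=lambda t: (t.priority, t.name))


def resolve_settings(org_settings, tags, repo_tags, repo_settings):
    """Return the effective settings for one repository.

    org_settings  : baseline dict applied to every repository
    tags          : iterable of TagSettings known to the organization
    repo_tags     : names of the tags attached to this repository
    repo_settings : keys explicitly overridden on this repository

    A key a level does not set falls through to the level below it.
    """
    effective = dict(org_settings)
    for tag in _applicable_tags(tags, repo_tags):
        effective.update(tag.values)
    effective.update(repo_settings)
    return effective


def explain_settings(org_settings, tags, repo_tags, repo_settings):
    """Report which level supplied each effective key (handy when a value surprises you)."""
    source = {key: "organization" for key in org_settings}
    for tag in _applicable_tags(tags, repo_tags):
        for key in tag.values:
            source[key] = f"tag:{tag.name}"
    for key in repo_settings:
        source[key] = "repository"
    return source


# Constructed sample data for the demo.
ORG = {
    "confidence_filter": "Strict",
    "pr_scanning_enabled": False,
    "check_failure_threshold": 75,
    "scan_bot_prs": False,
}
TAGS = [
    TagSettings("backend", priority=10, values={"pr_scanning_enabled": True, "check_failure_threshold": 60}),
    TagSettings("pci", priority=20, values={"check_failure_threshold": 90, "confidence_filter": "Balanced"}),
    TagSettings("sandbox", priority=5, values={"confidence_filter": "Permissive"}),   # not on this repo
]
REPO_TAGS = ["backend", "pci"]
REPO = {"confidence_filter": "Permissive"}

if __name__ == "__main__":
    effective = resolve_settings(ORG, TAGS, REPO_TAGS, REPO)
    origin = explain_settings(ORG, TAGS, REPO_TAGS, REPO)
    for key, value in effective.items():
        print(f"{key:24} = {value!s:10} (from {origin[key]})")
```

Running it shows the repository's own `confidence_filter` beating the `pci` tag, the `pci` tag's threshold of 90 beating `backend`'s 60 because its priority is higher, and `scan_bot_prs` falling all the way through to the organization baseline.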
Scan Module Toggles
Each scanning module can be enabled or disabled independently for full scans and PR scans:

| Module | What It Scans |
|---|---|
| SAST | Static code analysis across all supported languages |
| SCA | Dependency vulnerability scanning |
| IaC | Infrastructure-as-code misconfiguration detection |
| Secrets | Hardcoded credentials and API keys |
| EOL | End-of-life / unsupported dependency detection |
Key Settings
Full Scan Settings
| Setting | Default | Description |
|---|---|---|
| Confidence filter | Strict | Threshold for including findings: Strict (fewer, higher confidence), Balanced, or Permissive (more findings) |
| Auto-patching | Off | Automatically generate patches for qualifying findings |
| Auto-PR creation | Off | Automatically open PRs for generated patches |
| Patch threshold | 80 | Minimum score (0–100) for auto-patching |
| PR threshold | 80 | Minimum score for auto-PR creation |
| Custom rules only | Off | Disable built-in scanning; only evaluate custom rules |
PR Scan Settings
| Setting | Default | Description |
|---|---|---|
| PR scanning enabled | Off | Master toggle for PR scanning |
| Inline review comments | On | Post inline comments on affected diff lines |
| PR summary comment | On | Post a summary comment on the PR |
| Check failure threshold | 75 | Score at which the VCS check is marked as failing |
| Result inclusion threshold | 0 | Minimum score for a finding to appear in PR feedback |
| Scan timeout | 10 min | Maximum time before the scan times out |
| Auto-patching | On | Generate fix suggestions for PR scan findings |
| Confidence filter | Strict | Same as full scan, applied to PR scans |
| Scan draft MRs | Off | Whether to scan GitLab draft merge requests |
| Scan bot PRs | Off | Whether to scan PRs opened by automation |
PR Templates
Customize the appearance of auto-generated fix PRs:

| Template | Description |
|---|---|
| PR title template | Custom format for generated PR titles |
| PR description template | Custom format for PR descriptions |
| Branch name format | Custom format for fix branch names |
| Commit message format | Custom format for fix commit messages |
Scan Scheduling
Configure recurring scans using cron expressions:
- Navigate to your repository’s scanner settings.
- Under Scan Schedule, enter a five-field cron expression (e.g., `0 2 * * 1` for every Monday at 2 AM).
- Optionally specify a target branch (defaults to the repository’s default branch).
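A mistyped schedule either never fires or fires far more often than intended, so it is worth checking an expression before saving it. The parser and next-run calculator below are an added example for this page, written against the standard five-field cron syntax (minute, hour, day-of-month, month, day-of-week) rather than taken from ZeroPath; whether ZeroPath accepts `/`, `-` and `,`, treats `7` as Sunday, or evaluates in UTC is not stated on this page, so those are assumptions of the example. The sample dates are constructed.

```python
"""Illustrative five-field cron parser and next-run calculator (standard library only)."""
from datetime import datetime, timedelta

# field name, lowest legal value, highest legal value
FIELDS = (("minute", 0, 59), ("hour", 0, 23), ("dom", 1, 31), ("month", 1, 12), ("dow", 0, 7))


def _parse_field(spec, lo, hi):
    """Expand one field ('*', '5', '1-5', '*/15', '1,15', '5/10') into a set of ints."""
    values = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError(f"step must be >= 1 in {spec!r}")
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = int(part)
            end = hi if step > 1 else start       # '5/10' means 5, 15, 25 ... as in Vixie cron
        if not lo <= start <= end <= hi:
            raise ValueError(f"{part!r} out of range {lo}-{hi} in {spec!r}")
        values.update(range(start, end + 1, step))
    return values


def parse_cron(expr):
    """Validate a five-field expression and return per-field value sets; raise ValueError otherwise."""
    parts = expr.split()
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {expr!r}")
    parsed = {}
    for (name, lo, hi), spec in zip(FIELDS, parts):
        parsed[name] = _parse_field(spec, lo, hi)
        # Vixie cron day rule: when BOTH day-of-month and day-of-week are restricted,
        # a day matches if EITHER does.  A field beginning with '*' is unrestricted.
        parsed[name + "_any"] = spec.startswith("*")
    parsed["dow"] = {d % 7 for d in parsed["dow"]}   # 7 is an alias for Sunday (0)
    return parsed


def is_valid_cron(expr):
    try:
        parse_cron(expr)
        return True
    except ValueError:
        return False


def _day_matches(fields, day):
    cron_dow = (day.weekday() + 1) % 7              # Python Mon=0..Sun=6 -> cron Sun=0..Sat=6
    if day.month not in fields["month"]:
        return False
    dom_ok, dow_ok = day.day in fields["dom"], cron_dow in fields["dow"]
    if fields["dom_any"] or fields["dow_any"]:
        return dom_ok and dow_ok
    return dom_ok or dow_ok


def next_run(expr, after):
    """First scheduled minute strictly after `after` (a naive datetime in whatever zone you choose)."""
    fields = parse_cron(expr)
    start = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    day = start
    for _ in range(366 * 4):                          # enough to cross a leap year
        if _day_matches(fields, day):
            for hour in sorted(fields["hour"]):
                for minute in sorted(fields["minute"]):
                    candidate = day.replace(hour=hour, minute=minute)
                    if candidate >= start:
                        return candidate
        day = (day + timedelta(days=1)).replace(hour=0, minute=0)
    raise ValueError(f"{expr!r} never fires")


def next_run_iso(expr, after_iso):
    """String-in, string-out wrapper, e.g. next_run_iso('0 2 * * 1', '2024-01-01T00:00')."""
    return next_run(expr, datetime.fromisoformat(after_iso)).isoformat(timespec="minutes")


if __name__ == "__main__":
    now = "2024-01-01T00:00"                          # constructed: a Monday
    for expr in ("0 2 * * 1", "30 3 * * 0", "0 */6 1,15 * *"):
        print(f"{expr:16} -> next run after {now}: {next_run_iso(expr, now)}")
    for bad in ("0 2 * *", "60 2 * * 1", "0 2 * * 1-9", "0 2 0 * *"):
        print(f"{bad!r:16} valid? {is_valid_cron(bad)}")
```

Asking for the next few runs of an expression before saving it is the quickest way to catch the classic mistakes: a swapped hour and minute field, a day-of-week typed where day-of-month belongs, or a date such as `31 2` that never exists.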
Scan Scope Controls
Directory Partitions (Monorepo Support)
For monorepos, configure directory partitions to scan specific sub-directories as independent applications:
- Each partition is analyzed separately with its own application discovery.
- PR scans route to the correct partition based on changed files.
Path Whitelist / Blacklist
Use glob patterns to focus or exclude specific paths from scanning:
- Whitelist patterns — only scan files matching these patterns.
- Blacklist patterns — exclude files matching these patterns.
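The two scope controls above interact: a changed file first has to survive the whitelist/blacklist filter, and only then is it routed to a partition. The resolver below is an added example for this page, not ZeroPath's matching code. It assumes gitignore-style globs (`**` spans directories, `*` and `?` stay within one path segment), that a blacklist match wins over a whitelist match, and that a file nested under several partitions belongs to the most specific one; the partitions, patterns and changed-file list are constructed.

```python
"""Illustrative scope resolver: glob whitelist/blacklist plus monorepo partition routing."""
import re


def glob_to_regex(pattern):
    """Translate a path glob to an anchored regex.

    '**' may span directories; '*' and '?' never cross a '/'.  This is the
    gitignore-style reading and an assumption of this example.
    """
    i, out = 0, []
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?")          # zero or more leading directories
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def in_scope(path, whitelist=(), blacklist=()):
    """Scan a file if it matches some whitelist glob (when a whitelist exists)
    and no blacklist glob.  Blacklist wins on conflict (assumption)."""
    if whitelist and not any(glob_to_regex(g).match(path) for g in whitelist):
        return False
    return not any(glob_to_regex(g).match(path) for g in blacklist)


def partition_for(path, partitions):
    """Most specific (longest) partition directory containing `path`, or None."""
    best = None
    for part in (p.rstrip("/") for p in partitions):
        if path.startswith(part + "/") and (best is None or len(part) > len(best)):
            best = part
    return best


def route_changed_files(changed, partitions, whitelist=(), blacklist=()):
    """Group in-scope changed files by partition.

    Returns (routed, skipped): routed maps partition -> [paths]; skipped lists
    (path, reason) so a reviewer can see why a file produced no findings.
    """
    routed, skipped = {}, []
    for path in changed:
        if not in_scope(path, whitelist, blacklist):
            skipped.append((path, "filtered by whitelist/blacklist"))
            continue
        part = partition_for(path, partitions)
        if part is None:
            skipped.append((path, "outside every partition"))
            continue
        routed.setdefault(part, []).append(path)
    return routed, skipped


# Constructed sample monorepo layout and PR diff.
PARTITIONS = ["services/api", "services/web", "services/api/legacy"]
BLACKLIST = ["**/vendor/**", "**/tests/**", "**/*.md"]
CHANGED = [
    "services/api/src/auth.py",
    "services/api/legacy/handler.py",
    "services/api/tests/test_auth.py",
    "services/api/vendor/lib.py",
    "services/web/package.json",
    "docs/README.md",
    "tools/ci.sh",
]

if __name__ == "__main__":
    routed, skipped = route_changed_files(CHANGED, PARTITIONS, blacklist=BLACKLIST)
    for part, files in routed.items():
        print(f"{part}: {files}")
    for path, reason in skipped:
        print(f"skipped {path}: {reason}")
```

Two things the output makes visible that the settings UI does not: a root-anchored pattern like `*.md` does not touch `docs/README.md` (you need `**/*.md`), and a file that survives the filters but sits outside every partition is silently dropped from PR feedback, which is usually a sign the partition list is incomplete.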
Configuring Settings
From the Dashboard
- Navigate to Scanner in the ZeroPath dashboard.
- Select the Organization, Tag, or Repository level.
- Modify settings as needed.
- Changes take effect on the next scan.