Project Scanners
Run customizable scans on your repository and keep your project in good shape.
How it works
Project Scanners allow Snapr to automatically run analysis jobs on your repositories, keeping your project clean, secure, and compliant with your rules.
1. The definition
A Project Scanner defines what should be checked in your repository. It can be:
- A built-in scanner, provided by Snapr (e.g. dependency audits, code quality, Dockerfile linting)
- A custom scanner, defined by the user using a configuration file or container image.
2. The scheduling
Depending on how it’s configured, Snapr will create either:
- A Kubernetes Job, for one-time or manually triggered scans
- A Kubernetes CronJob, for scheduled or periodic scans
Each scanner runs in an isolated environment to ensure safety and reproducibility.
3. The execution
When triggered, the scanner:
- Clones or mounts the target repository
- Executes the scanning logic (script, binary, or command)
- Collects the results and reports them back to Snapr
Snapr records logs and outcomes for each scan execution.
4. The reporting
Snapr automatically creates Issues when problems are detected, including detailed context and remediation hints.
5. The customization
Users can:
- Define new scanners by providing their own Docker image and entrypoint
- Configure environment variables, schedules, and resource limits
- Reuse or share scanners across multiple repositories and projects
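The scheduling and customization steps above, sketched as an added example: a plain Kubernetes CronJob for a custom scanner image, with the isolation settings and resource limits a reviewer would expect. This is not a manifest generated by Snapr, nor its configuration format; the names, image reference, schedule, entrypoint and environment variable are placeholders.

```yaml
# Added illustration: a generic Kubernetes CronJob, not Snapr output.
# Every name, path and value below is a placeholder chosen for the example.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: example-custom-scanner            # hypothetical name
spec:
  schedule: "0 3 * * *"                   # periodic scan: daily at 03:00
  concurrencyPolicy: Forbid               # never overlap two runs of the same scanner
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 0                     # a failed scan is surfaced, not silently retried
      activeDeadlineSeconds: 900          # terminate scans that hang
      ttlSecondsAfterFinished: 3600       # clean up finished Jobs after one hour
      template:
        spec:
          restartPolicy: Never
          automountServiceAccountToken: false   # scanner code gets no cluster API token
          securityContext:
            runAsNonRoot: true
            runAsUser: 10001
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: scanner
              # Placeholder image; pin by digest so scheduled runs are reproducible.
              image: "registry.example.com/scanners/custom@sha256:<digest>"
              command: ["/scanner/entrypoint.sh"]   # hypothetical entrypoint
              env:
                - name: SCAN_TARGET_DIR             # hypothetical variable
                  value: /workspace
              resources:
                requests: { cpu: 100m, memory: 128Mi }
                limits: { cpu: "1", memory: 512Mi }
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                capabilities:
                  drop: ["ALL"]
              volumeMounts:
                - name: workspace
                  mountPath: /workspace
                  readOnly: true          # the checkout is analysed, never modified
          volumes:
            - name: workspace
              emptyDir: {}                # stands in for the cloned or mounted repository
```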