Scan Triggers
When enabled, auto-scan runs on:| Event | Description |
|---|---|
| Pull Request Opened | Scans new PRs immediately |
| Pull Request Updated | Re-scans when commits are pushed |
| Push to Default Branch | Scans merges to main/master |
Enabling Auto Scan
Per Repository
- Go to Repositories
- Click settings (gear icon) on a repository
- Toggle “Auto Scan” on
For All Repositories
- Go to Settings → Integrations → GitHub
- Enable “Auto Scan for New Repositories”
- New repositories will have auto-scan enabled by default
Configuration Options
Default Branch Scanning
Control when default branch scans occur:- On merge - Scan after PR merges (recommended)
- On push - Scan every push to default branch
- Disabled - Don’t scan default branch automatically
PR Scan Settings
Configure PR scanning behavior:| Setting | Description |
|---|---|
| Scan on open | Scan when PR is created |
| Scan on update | Re-scan when new commits pushed |
| Skip draft PRs | Don’t scan draft pull requests |
Scan Frequency
Vidoc rate-limits scans to prevent abuse:- PR scans - Immediate, one per PR update
- Default branch - Batched if multiple merges occur quickly
Scan Status
Monitor auto-scan status:- Webhook delivery - Check GitHub webhook settings
- Scan history - View in Repositories → [Repo] → Scans
- PR status - Check the Pull Requests page
Disabling Auto Scan
Per Repository
- Go to Repositories
- Click settings on the repository
- Toggle “Auto Scan” off
Temporarily
Use branch patterns to exclude branches:- Repository settings → “Ignored Branches”
- Add patterns (e.g.,
feature/*)
Troubleshooting
Scans Not Triggering
- Verify GitHub integration is connected
- Check webhook delivery in GitHub repo settings
- Ensure auto-scan is enabled for the repository
- See Troubleshooting
Duplicate Scans
If you see duplicate scans:- Check if CLI and auto-scan are both running
- Verify webhook isn’t configured multiple times