Auto-Scan on Push

CodeStax automatically triggers security scans when code is pushed to your default branch.

How It Works

When you push code to your repository’s default branch (e.g., main), CodeStax receives a webhook event and automatically starts a smart scan. No manual action required.

This gives you continuous security coverage on your primary branch without any extra configuration beyond setting up webhooks.

Supported Providers

| Provider | Event | Description |
|---|---|---|
| GitHub | push | Listens for push events to the default branch |
| Bitbucket | repo:push | Listens for repository push events to the default branch |

Configuration

Auto-scan on push is enabled by default when webhooks are configured. To set up webhooks, see Webhooks.

The scan targets the repository’s default branch only. Pushes to feature branches do not trigger auto-scans. For feature branch coverage, use PR Reviews instead.

Deduplication

If a scan is already running or pending for the same repository and branch, CodeStax skips the duplicate webhook event to avoid wasting resources. You will not see duplicate scans in your history from rapid successive pushes.
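The trigger rules above (supported event, default branch only, skip when a scan is already pending or running) can be modeled as a single decision function. This is an added example, not CodeStax code: the function names, the `scans` store, the state names and the skip reasons are hypothetical, and the default branch is assumed to come from repository configuration.

```python
# Added illustration; not CodeStax code. Payload fields read here:
# GitHub push ("ref", "repository.full_name") and Bitbucket repo:push
# ("push.changes[].new", "repository.full_name").

ACTIVE_STATES = {"pending", "running"}  # hypothetical state names


def pushed_branches(provider, event, payload):
    """Return the branch names updated by a supported push event."""
    if provider == "github" and event == "push":
        ref = payload.get("ref", "")
        prefix = "refs/heads/"
        # Tag pushes use refs/tags/ and yield no branch.
        return [ref[len(prefix):]] if ref.startswith(prefix) else []
    if provider == "bitbucket" and event == "repo:push":
        names = []
        for change in payload.get("push", {}).get("changes", []):
            new = change.get("new") or {}  # "new" is null when a branch is deleted
            if new.get("type") == "branch":
                names.append(new["name"])
        return names
    return []  # any other provider or event never triggers a scan


def decide(provider, event, payload, default_branch, scans):
    """Return "start" or the reason the webhook event is skipped.

    scans maps (repo, branch) to a scan state and stands in for the scan
    store (hypothetical); default_branch is the configured default branch.
    """
    repo = payload.get("repository", {}).get("full_name")
    if not repo:
        return "skip: no repository"
    if default_branch not in pushed_branches(provider, event, payload):
        return "skip: not default branch"
    key = (repo, default_branch)
    if scans.get(key) in ACTIVE_STATES:
        return "skip: duplicate"
    scans[key] = "pending"  # record first so a rapid second push deduplicates
    return "start"
```
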

Scan Type

Auto-triggered scans use the smart scan type for fast feedback. Smart scans focus on the most impactful checks and typically complete in under two minutes.

For comprehensive analysis, trigger a deep scan manually from the dashboard or configure a scheduled scan.

Disabling Auto-Scan

To disable auto-scan while keeping PR reviews active, update the repository webhook policy in Repository Settings > Webhooks and uncheck the push event trigger.