Automated Scanning

CodeStax offers multiple ways to automate security scanning in your development workflow.

Auto-Scan on Push

When enabled, CodeStax automatically triggers a scan whenever code is pushed to your repository.

How It Works

  1. CodeStax registers a webhook on your GitHub or Bitbucket repository
  2. When you push code, the SCM provider sends a webhook event to CodeStax
  3. CodeStax triggers a scan with your configured default scan type
  4. Results appear on your dashboard automatically

Enable/Disable

Go to Settings → General → Scanning Preferences:

  • Toggle Auto-scan on Push on or off

Scheduled Scans

Set up recurring scans on a schedule.

Creating a Schedule

  1. Go to a repository’s settings
  2. Set a cron expression for the schedule

Common schedules:

| Schedule | Cron Expression | Description |
|---|---|---|
| Daily at midnight | 0 0 * * * | Nightly security check |
| Every Monday 9 AM | 0 9 * * 1 | Weekly team review |
| Every 6 hours | 0 */6 * * * | Frequent monitoring |
| First of month | 0 0 1 * * | Monthly compliance scan |

Schedule Options

  • Scan Type — Smart or Deep
  • Branch Filter — Which branch to scan (default: main)
  • Active/Inactive — Pause a schedule without deleting it

Schedule Limits

| Plan | Max Scheduled Scans |
|---|---|
| Free | 0 |
| Pro | 2 |
| Team | 20 |
| Enterprise | Unlimited |

Webhook Integration

GitHub Webhooks

CodeStax listens for GitHub webhook events to trigger automated PR reviews.

Supported events:

  • pull_request.opened — New PR opened
  • pull_request.synchronize — New commits pushed to PR
  • pull_request.reopened — Previously closed PR reopened

Webhook payloads are verified using HMAC SHA-256 signatures to ensure they originate from GitHub.
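The check described above, sketched on the receiving side as an added example (not CodeStax's own code). `X-Hub-Signature-256` and `X-GitHub-Event` are GitHub's header names; the function names, the secret and the payload are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

SIG_PREFIX = "sha256="
# Actions listed on this page as triggering a PR review.
SUPPORTED_ACTIONS = {"opened", "synchronize", "reopened"}


def sign(secret: bytes, raw_body: bytes) -> str:
    """Build the X-Hub-Signature-256 value for a body (sender side / test input)."""
    return SIG_PREFIX + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_github_signature(secret: bytes, raw_body: bytes, header) -> bool:
    """True only if header is the HMAC-SHA256 of the exact bytes received."""
    if not isinstance(header, str) or not header.startswith(SIG_PREFIX):
        return False  # missing or malformed header fails closed
    # compare_digest runs in constant time, so it leaks no prefix-match timing.
    return hmac.compare_digest(sign(secret, raw_body).encode(), header.encode())


def handle_delivery(secret: bytes, headers: dict, raw_body: bytes) -> str:
    """Return 'rejected', 'ignored' or 'review' for one webhook delivery."""
    # Authenticate the raw bytes before parsing: re-serialized JSON would
    # not match the signature, and unauthenticated input stays unparsed.
    if not verify_github_signature(secret, raw_body, headers.get("X-Hub-Signature-256")):
        return "rejected"
    if headers.get("X-GitHub-Event") != "pull_request":
        return "ignored"
    action = json.loads(raw_body).get("action")
    return "review" if action in SUPPORTED_ACTIONS else "ignored"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value, not a real secret
    body = b'{"action": "synchronize", "number": 7}'  # constructed payload
    headers = {"X-GitHub-Event": "pull_request",
               "X-Hub-Signature-256": sign(secret, body)}
    print(handle_delivery(secret, headers, body))         # valid delivery
    print(handle_delivery(secret, headers, body + b" "))  # body altered in transit
```
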

Bitbucket Webhooks

CodeStax provides similar webhook support for Bitbucket pull requests.

CI/CD Integration

Use the CodeStax API to integrate security scanning into your CI/CD pipeline. See API Reference for details on triggering scans programmatically.

Example: GitHub Actions

- name: Trigger CodeStax Scan
  run: |
    curl -X POST \
      -H "X-API-Key: ${{ secrets.CODESTAX_API_KEY }}" \
      -H "Content-Type: application/json" \
      -d '{"repository_id": "your-repo-id", "scan_type": "smart"}' \
      https://codestax.co/api/scans/trigger

Scan Timeouts

Configure scan timeout in Settings → General → Scanning Preferences:

| Option | Duration |
|---|---|
| Default | 15 minutes |
| Extended | 30 minutes |
| Long | 1 hour |
| Maximum | 2 hours |