SCAN Plugin Configuration Reference

This document provides a comprehensive reference for all configuration options available in the SCAN Gradle Plugin.

Configuration Overview

All SCAN configuration is done through the scan extension block in your build.gradle.kts:

scan {
    // Configuration options go here
}

Basic Configuration

failOnSecrets

  • Type: Boolean
  • Default: true
  • Description: Fail the build when secrets are detected

scan {
    failOnSecrets = false  // Only warn, don't fail build
}

verbose

  • Type: Boolean
  • Default: false
  • Description: Enable detailed console output

scan {
    verbose = true  // Show detailed scanning progress
}

warnOnSecrets

  • Type: Boolean
  • Default: true
  • Description: Show warnings even when the build is not configured to fail

scan {
    warnOnSecrets = false  // Suppress warning messages
}

Pattern Configuration

includePatterns

  • Type: Set<String>
  • Default: Common source file patterns
  • Description: Ant-style patterns for files to include in scanning

scan {
    includePatterns = setOf(
        "src/**/*.kt",
        "config/**/*.yml",
        "*.properties"
    )
}

excludePatterns

  • Type: Set<String>
  • Default: Build directories and generated files
  • Description: Ant-style patterns for files to exclude from scanning

scan {
    excludePatterns = setOf(
        "**/build/**",
        "**/test-data/**",
        "**/*.generated.*"
    )
}

scanTests

  • Type: Boolean
  • Default: true
  • Description: Whether to scan test directories

scan {
    scanTests = false  // Skip test directories entirely
}

Scan Settings

strictMode

  • Type: Boolean
  • Default: false
  • Description: Enable all detectors at maximum sensitivity

scan {
    strictMode = true  // Maximum security, may increase false positives
}

entropyThreshold

  • Type: Double
  • Default: 4.5
  • Description: Minimum entropy a string must have to be reported as a likely random secret (range 0.0-8.0)

scan {
    entropyThreshold = 5.0  // Higher = fewer false positives
}

customPatterns

  • Type: List<String>
  • Default: emptyList()
  • Description: Custom regex patterns for organization-specific secrets

scan {
    customPatterns = listOf(
        "MYCOMPANY_API_[A-Z0-9]{32}",
        "INTERNAL_SECRET_.*"
    )
}
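The following Python is an added illustration of the two detection mechanisms configured above, not the plugin's own code (this page does not describe SCAN's internals): it computes the Shannon entropy that entropyThreshold compares against and applies customPatterns-style regexes to a few constructed configuration lines. The tokenizer, the sample lines and the MYCOMPANY_API_ value are assumptions made for the example.

```python
import math
import re

# Constructed sample lines (not from any real project) of the kind SCAN
# would scan; the MYCOMPANY_API_ token is a made-up 32-character value.
SAMPLE_LINES = [
    "db.user=app_service",
    "db.password=password123",
    "api.key=MYCOMPANY_API_7F3KQ9ZX2VB8N4MT6LWC5HJD1RGSPY0A",
    "session.token=c7e9a1f2b3d4e5f60718293a4b5c6d7e",
    "greeting=hello world, this is plain configuration text",
]

# Regexes in the style of the page's customPatterns examples.
CUSTOM_PATTERNS = [r"MYCOMPANY_API_[A-Z0-9]{32}", r"INTERNAL_SECRET_.*"]

# Candidate tokens: runs of 16+ identifier/base64-like characters. This
# tokenizer is an assumption for illustration; SCAN's own is not documented here.
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-+/]{16,}")

def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character: 0.0 for a constant string, at
    most log2(alphabet size), and 8.0 only when all 256 byte values are
    equally likely, which is where a 0.0-8.0 range comes from."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return 0.0 - sum((c / n) * math.log2(c / n) for c in counts.values())

def find_secrets(lines, entropy_threshold=4.5, custom_patterns=CUSTOM_PATTERNS):
    """Return (line_number, reason, match) for lines hitting a custom pattern
    or containing a token whose entropy reaches the threshold."""
    compiled = [re.compile(p) for p in custom_patterns]
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for pat in compiled:
            m = pat.search(line)
            if m:
                findings.append((lineno, f"pattern:{pat.pattern}", m.group(0)))
        for token in TOKEN_RE.findall(line):
            h = shannon_entropy(token)
            if h >= entropy_threshold:
                findings.append((lineno, f"entropy:{h:.2f}", token))
    return findings

if __name__ == "__main__":
    print(find_secrets(SAMPLE_LINES))  # only line 3 is reported, by pattern and by entropy
```

Under this measure a hex-encoded token can never exceed log2(16) = 4.0 bits per character, so the 32-character hex value on line 4 (about 3.95) passes the default threshold of 4.5 and is only reported once entropyThreshold is lowered below it; alphabet size, not just randomness, decides what an entropy threshold catches.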

Output Configuration

generateHtmlReport

  • Type: Boolean
  • Default: false
  • Description: Generate an HTML report with detailed findings

scan {
    generateHtmlReport = true
}

generateJsonReport

  • Type: Boolean
  • Default: false
  • Description: Generate a JSON report for CI/CD integration

scan {
    generateJsonReport = true
}

Performance Settings

maxThreads

  • Type: Integer
  • Default: 4
  • Description: Maximum number of threads used for parallel scanning

scan {
    maxThreads = 8  // Use more threads for faster scanning
}

File Exclusions

ignoreTestFiles

  • Type: Boolean
  • Default: true
  • Description: Skip scanning test files and directories

scan {
    ignoreTestFiles = false  // Include test files in scanning
}

Environment Variables

SCAN also reads the following environment variables:

  • SCAN_FAIL_ON_SECRETS - Override failOnSecrets setting
  • SCAN_VERBOSE - Enable verbose output
  • SCAN_OUTPUT_DIR - Set custom output directory

Complete Examples

Development-Friendly Setup

scan {
    failOnSecrets = false
    warnOnSecrets = true
    verbose = true
    generateHtmlReport = true
    ignoreTestFiles = true
}

High-Security Production Setup

scan {
    strictMode = true
    failOnSecrets = true
    entropyThreshold = 4.0
    generateHtmlReport = true
    generateJsonReport = true
    
    customPatterns = listOf(
        "COMPANY_SECRET_[A-Z0-9]{32}",
        "INTERNAL_API_KEY_.*"
    )
}

CI/CD Optimized Setup

scan {
    val isCI = System.getenv("CI")?.toBoolean() ?: false
    
    failOnSecrets = isCI
    warnOnSecrets = true
    generateJsonReport = isCI
    generateHtmlReport = !isCI
    verbose = isCI
}