Toranj.ai

Scan Configuration

Customize your security scans to match your specific requirements, compliance needs, and development workflow.

15 minutes to configure
Intermediate level

Choose Your Scan Type

Select the type of analysis that best fits your security needs

Security Scan

Recommended

Comprehensive vulnerability detection

SAST analysis
Dependency scanning
Secret detection
Code quality

Compliance Scan

Industry standards and regulatory compliance

SOC 2
PCI DSS
HIPAA
GDPR compliance

Code Quality

Code maintainability and best practices

Code complexity
Best practices
Performance issues
Documentation

Detailed Configuration

Fine-tune your scan settings for optimal results

Basic Scan Settings

Repository Settings

  • Auto-detect project structure
  • Include dependency files
  • Scan configuration files

Reporting Options

  • Include code snippets
  • Generate executive summary
  • Export in multiple formats

CLI Configuration

Configure scans using the command line interface

# Basic scan with custom config
toranj scan ./my-project --config ./toranj.yml
# Scan specific file types only
toranj scan ./my-project --include "*.js,*.ts,*.py"
# Security scan with compliance checks
toranj scan ./my-project --type security --compliance pci-dss

Configuration File Example

# toranj.yml
scan:
  type: security
  include:
    - "src/**/*"
    - "lib/**/*"
  exclude:
    - "node_modules"
    - "*.test.js"
security:
  severity_threshold: medium
  compliance:
    - soc2
    - pci-dss
reporting:
  format: ["json", "pdf"]
  include_snippets: true

Configuration Best Practices

Do's

  • Start with default settings and customize gradually
  • Test configurations on small projects first
  • Use version control for configuration files
  • Document custom rules and exceptions

Don'ts

  • Don't disable all security checks at once
  • Avoid overly broad file exclusions
  • Don't ignore high-severity findings without review
  • Don't use production data in scan tests
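
The cautions above about broad exclusions and high-severity findings can be checked mechanically before a configuration change is merged. The following is an added example, not Toranj code: it audits a parsed toranj.yml (held as a Python dict) against a file listing. The glob semantics, the severity scale and the 25% cutoff are assumptions made for the example.

```python
import re

SEVERITIES = ["low", "medium", "high", "critical"]  # assumed scale; the page only shows "medium"
MAX_EXCLUDED_SHARE = 0.25  # assumed review cutoff, not a Toranj setting
TOKENS = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*"}

def glob_to_regex(pattern):
    """'**/' spans directories, '**' spans anything, '*' stays inside one path component."""
    parts = re.split(r"(\*\*/|\*\*|\*)", pattern)
    return re.compile("".join(TOKENS.get(p, re.escape(p)) for p in parts) + r"\Z")

def matches(pattern, path):
    """Assumed semantics: a pattern hits the full path or any single path component."""
    rx = glob_to_regex(pattern)
    return bool(rx.match(path)) or any(rx.match(part) for part in path.split("/"))

def audit(config, repo_files):
    """Return review findings for one parsed toranj.yml against a repository file listing."""
    scan = config.get("scan", {})
    in_scope = [f for f in repo_files
                if any(matches(p, f) for p in scan.get("include", ["**"]))]
    findings = []
    for pattern in scan.get("exclude", []):
        dropped = [f for f in in_scope if matches(pattern, f)]
        if in_scope and len(dropped) / len(in_scope) > MAX_EXCLUDED_SHARE:
            findings.append(f"exclude {pattern!r} drops {len(dropped)}/{len(in_scope)} in-scope files")
    threshold = config.get("security", {}).get("severity_threshold", "low")
    if threshold not in SEVERITIES:
        findings.append(f"unknown severity_threshold {threshold!r}")
    elif SEVERITIES.index(threshold) > SEVERITIES.index("high"):
        findings.append(f"severity_threshold {threshold!r} would hide high-severity findings")
    return findings

# Constructed file listing and configs; PAGE_CONFIG mirrors the toranj.yml example on this page.
REPO_FILES = ["src/app.js", "src/auth/login.js", "src/auth/token.js", "src/auth/login.test.js",
              "src/db/query.py", "lib/crypto/hash.py", "lib/util.js", "node_modules/left-pad/index.js"]
PAGE_CONFIG = {"scan": {"type": "security", "include": ["src/**/*", "lib/**/*"],
                        "exclude": ["node_modules", "*.test.js"]},
               "security": {"severity_threshold": "medium", "compliance": ["soc2", "pci-dss"]}}
RISKY_CONFIG = {"scan": {"include": ["src/**/*", "lib/**/*"], "exclude": ["node_modules", "*.js"]},
                "security": {"severity_threshold": "critical"}}

if __name__ == "__main__":
    for name, cfg in [("page example", PAGE_CONFIG), ("risky variant", RISKY_CONFIG)]:
        print(name, audit(cfg, REPO_FILES) or "no findings")
```

Run against the real repository listing in CI so that a pull request that widens `exclude` or raises `severity_threshold` fails review instead of silently shrinking scan coverage.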