Configuration levels
Organisation level
Settings apply to all repositories in your organisation by default. Use this to set a consistent scan baseline across your entire workspace.
Repository level
Settings apply to a single repository and override the organisation defaults. Use this to customise scan behaviour for repositories that need different rules.
Repository-level settings take precedence over organisation-level settings. If
a setting is not configured at the repository level, the organisation default
applies.
Organisation-level configuration
To configure org-level settings, navigate to Agent Setup → Repository Review in the Garth dashboard. Changes here apply to every repository in your organisation unless a repository overrides them.
Repository-level configuration
To configure settings for a specific repository, navigate to Agent Setup → Repository Review → Repository Setup, select the repository, and open the Repository Review tab.
Configuration options
The following options are available at both the organisation and repository level.
Scan categories
Enable or disable individual scan categories for a repository. By default all categories are enabled. Turn off categories that are not relevant to a given repository to reduce noise.
| Category | Default |
|---|---|
| Secret scan | Enabled |
| SCA | Enabled |
| SAST | Enabled |
| IaC | Enabled |
| Code complexity | Enabled |
| Code duplicates | Enabled |
Include file patterns
Limit scanning to only the files and directories that match a set of patterns. When include patterns are configured, Garth analyses only the matching files and ignores everything else. Use this to focus scanning on specific areas of a monorepo or a large codebase, for example to scan only application source code and skip documentation, configuration, or tooling directories. Typical include targets:
- Specific source directories (for example, `src/**`, `app/**`)
- A particular language or file type (for example, `**/*.py`, `**/*.tf`)
- A single service within a monorepo (for example, `services/payments/**`)
Exclude file patterns
Skip scanning for specific files or directories. Files matching an exclude pattern are not analysed in any scan category. Use this to ignore:
- Auto-generated files (for example, `**/*.generated.*`)
- Database migration files (`migrations/**`)
- Vendored or third-party code (`vendor/**`, `node_modules/**`)
- Test fixtures or mock data (`**/__fixtures__/**`)
- Build artefacts or lock files (`dist/**`, `*.lock`)
When both include and exclude patterns are configured, include patterns are
applied first to narrow the scope, then exclude patterns are applied to remove
specific files from the result. Exclude patterns always take precedence over
include patterns.
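The following Python models the include-then-exclude rule described above for both pattern sections. It is an added illustration, not Garth's own code or documentation: the glob-to-regex translation, the sample file list and the function names are assumptions made for the example.

```python
import re

# Constructed sample file list for the example (not a real repository).
SAMPLE_PATHS = [
    "src/app.py", "src/api.generated.py", "src/Pipfile.lock",
    "migrations/0001_init.py", "tools/build.py", "docs/index.md",
]


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a glob into an anchored regex (assumed semantics: ``**`` spans
    path segments, ``*``/``?`` stay within one segment, and a pattern with no
    slash such as ``*.lock`` matches at any depth)."""
    if "/" not in pattern:
        pattern = "**/" + pattern
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3   # zero or more whole segments
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2         # trailing **: rest of the path
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile("^" + out + "$")


def select_files(paths, include, exclude):
    """Apply the include-then-exclude rule and return the files to scan."""
    inc = [glob_to_regex(p) for p in include]
    exc = [glob_to_regex(p) for p in exclude]
    selected = []
    for path in paths:
        # Step 1: include patterns narrow the scope (none configured = all files).
        if inc and not any(r.match(path) for r in inc):
            continue
        # Step 2: exclude patterns remove files from that set; exclude always wins.
        if any(r.match(path) for r in exc):
            continue
        selected.append(path)
    return selected


if __name__ == "__main__":
    # Expected: ['src/app.py', 'tools/build.py']
    print(select_files(SAMPLE_PATHS, ["src/**", "**/*.py"],
                       ["**/*.generated.*", "migrations/**", "*.lock"]))
```

Note that `migrations/0001_init.py` is matched by the `**/*.py` include yet still drops out, because the `migrations/**` exclude is applied afterwards and wins.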
Scan schedule
Configure a recurring schedule to automatically run scans on your repositories. Scheduled scans run at the defined interval without any manual trigger.
| Setting | Detail |
|---|---|
| Options | Daily, Weekly, or a custom interval |
| Configuration | Set from the repository settings page in the Garth dashboard |
Manual scan
Trigger a scan at any time from the Repository Scan page in the Garth dashboard, independent of the configured schedule. Useful before a release, after a significant merge, or when you want to check the current state of a repository on demand.
Open the Repository Scan page
Navigate to Repository Scan in the Garth dashboard.
Select a repository
Choose the repository you want to scan from the list. The page updates to show the latest scan results for that repository.
Trigger a scan
Click Run scan to start a manual scan immediately. Garth will analyse the repository and surface findings once the scan is complete.
