

# Creating a scan configuration
<a name="code-security-assessments-create-configuration"></a>

 Before you create a scan configuration, you must [create an integration with Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/code-security-assessments-create-integration.html). The first time you create an integration, you're prompted to create a default scan configuration. This topic describes how to create a general scan configuration. The difference between a default scan configuration and a general scan configuration is that a default scan configuration is automatically attached to new projects. You can skip creating a default scan configuration. 

 Code Security supports a maximum of 500 general scan configurations and only 1 default scan configuration per account and per organization. A scan configuration can be associated with a maximum of 100,000 projects. 

 A project can be associated with a maximum of 4 scan configurations total. This includes a default scan configuration if a default scan configuration was created. Scan configurations for an organization cannot be tagged. 

 If the delegated administrator for an organization creates a scan configuration, the scan configuration is created at the organization level and applied to all member accounts in the organization. The same occurs if the delegated administrator creates a default scan configuration. 

 When you create a scan configuration, you choose the scan frequency, scan analysis, and repositories to be scanned. The scan frequency can be change-based and periodic, or customized. Change-based and periodic scanning gives you the option to enable periodic scanning. If you enable periodic scanning, you set the scan frequency to the day of the week or month when a scan occurs. Customized scanning gives you the option to enable scanning when code is changed and periodic scanning. If you enable scanning when code is changed, you specify the scan trigger to include in merge and pull requests. 

 Scans can be skipped if a commit ID hasn't changed in a set amount of time. For periodic scanning, scans are skipped if a commit ID hasn't changed between scans in 1 week. For on-demand scans, scans are skipped if a commit ID hasn't changed between scans in 24 hours. 

**Note**  
 If a scan configuration only has triggers for merge requests and pull requests, only the top 25 critical or high findings are presented and only in the source code management platform. None will be visible in Amazon Inspector. 

**To create a general scan configuration**

1.  Sign in using your credentials. Open the Amazon Inspector console at [https://console.aws.amazon.com/inspector/v2/home](https://console.aws.amazon.com/inspector/v2/home). 

1.  From the navigation pane, choose **Code Security**. 

1.  Choose **Configurations**, and then choose **Create scan configuration**. 

1.  Under **Scan details**, do the following: 

   1.  For **Configuration name**, enter a name for the scan configuration. 

1.  Under **Scan frequency**, specify how often code is scanned by choosing **Change-based and periodic scanning** or **Customized scanning types and triggers**. 

   1.  (Option 1) If you choose **Change-based and periodic scanning**, choose **Enable periodic scanning** or **Disable periodic scanning**. 

      1.  If you choose **Enable periodic scanning**, set the scan frequency by choosing the week and day you want code to be scanned. 

   1.  (Option 2) If you choose **Customized scanning**, decide whether to enable scanning when code is changed and periodic scanning. 

      1.  Choose **Enable scanning when code is changed** or **Disable scanning when code is changed**. If you choose **Enable scanning when code is changed**, specify when scans are triggered from the dropdown. 

      1.  Choose **Enable periodic scanning** or **Disable periodic scanning**. If you choose **Enable periodic scanning**, set the scan frequency by choosing the week and day you want code to be scanned. You can also scan on event-based triggers. These events include when a new pull request is initially opened against the default branch and when a commit is merged or pushed to the default branch. Scans are not triggered on subsequent updates or revisions to an existing pull request. To trigger a new scan, close and reopen the pull request. 

1.  Under **Scan analysis**, decide whether to configure a complete scanning analysis or customized scanning analysis: 

   1.  (Option 1) If you choose **Complete scanning analysis**, you apply all of the following scan analyses: 
      +  *Static Application Security Testing* – Analyzes source code for vulnerabilities. 
      +  *IaC scanning* – Analyzes scripts and code that configure and provision infrastructure. 
      +  *Static software composition analysis* – Examines open source packages in applications. 

   1.  (Option 2) If you choose **Customized scanning analysis**, you must choose at least one of the previously mentioned scan analysis types from the dropdown menu. 

1.  (Optional) For **Tags**, create a key-value pair to apply to your project. You can create up to 50 tags. 

1.  Choose **Next**. 

1.  Under **Repository selection**, choose **All repositories** or **Specific repositories**. 

   1.  (Option 1) If you choose **All repositories**, scanning is enabled for any of your existing repositories. 

   1.  (Option 2) If you choose **Specific repositories**, scanning is enabled only for the repositories that you specify. 

1.  Choose **Next**. 

1.  Review your choices, and then choose **Create scan configuration**. 

**Note**  
 General scan configurations are applied to all existing code repositories only. They will not be applied to new code repositories. 
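
The limits and visibility caveats above are easy to miss when a configuration is planned for many projects. The following added example (not AWS code and not the Amazon Inspector API) reviews a planned configuration against them before you create it in the console; the plan schema, trigger names, and project names are hypothetical.

```python
# Added example. The plan schema and trigger names are hypothetical (not the
# Amazon Inspector API); the limits and caveats are the ones stated on this page.
MAX_TAGS = 50
MAX_CONFIGS_PER_PROJECT = 4
ANALYSES = {"SAST", "IAC", "SCA"}
PR_TRIGGERS = {"pull_request", "merge_request"}


def review_plan(plan, attached_counts):
    """Return (errors, warnings) for a planned scan configuration.

    attached_counts maps project name -> scan configurations already attached.
    """
    errors, warnings = [], []
    analyses = set(plan.get("analyses", []))
    if not analyses or analyses - ANALYSES:
        errors.append("choose at least one of: " + ", ".join(sorted(ANALYSES)))
    elif analyses != ANALYSES:
        warnings.append("not analyzed: " + ", ".join(sorted(ANALYSES - analyses)))
    if len(plan.get("tags", {})) > MAX_TAGS:
        errors.append(f"more than {MAX_TAGS} tags")
    for project in plan.get("projects", []):
        if attached_counts.get(project, 0) >= MAX_CONFIGS_PER_PROJECT:
            errors.append(f"{project}: already has {MAX_CONFIGS_PER_PROJECT} scan configurations")
    triggers = set(plan.get("change_triggers", []))
    periodic = plan.get("periodic", False)
    if not triggers and not periodic:
        warnings.append("neither change-based nor periodic scanning is enabled")
    # Assumption: "only has triggers for merge and pull requests" means no
    # periodic schedule and no other change trigger is configured.
    if triggers and triggers <= PR_TRIGGERS and not periodic:
        warnings.append("PR/MR-only triggers: top 25 critical/high findings, "
                        "shown only in the SCM platform, none in Amazon Inspector")
    if not plan.get("default", False):
        warnings.append("general configuration: new repositories are not covered")
    return errors, warnings


# Constructed sample plan and attachment counts.
SAMPLE_PLAN = {"analyses": ["SAST", "SCA"], "change_triggers": ["pull_request"],
               "periodic": False, "tags": {"team": "appsec"},
               "projects": ["payments-api", "legacy-portal"]}
SAMPLE_COUNTS = {"payments-api": 1, "legacy-portal": 4}

if __name__ == "__main__":
    errs, warns = review_plan(SAMPLE_PLAN, SAMPLE_COUNTS)
    for line in [f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]:
        print(line)
```
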

# Viewing scan configurations
<a name="code-security-assessments-view-configurations"></a>

 The following procedure describes how to view scan configurations in the Amazon Inspector console. 

**Note**  
 When you view your scan configuration at the organization level, some of the details in the **Code Security** screen will differ to reflect your AWS account. 

**To view scan configurations**

1.  Sign in using your credentials, and then open the Amazon Inspector console at [https://console.aws.amazon.com/inspector/v2/home](https://console.aws.amazon.com/inspector/v2/home). 

1.  From the navigation pane, choose **Code Security**. 

1.  Choose **Configurations** to view a list of your scan configurations. If you're the delegated administrator, the list includes your organization’s scan configurations. You can see the name of each scan configuration and who created each scan configuration (AWS account ID or organization ID). You can also view which scanning types and scan analysis types are applied to the configuration. You can even filter your scan configurations by different fields in the search bar. 

# Viewing details for a scan configuration
<a name="code-security-assessments-view-details-for-configurations"></a>

 The following procedure describes how to view details for a scan configuration in the Amazon Inspector console. 

**To view details for a scan configuration**

1.  Sign in using your credentials, and then open the Amazon Inspector console at [https://console.aws.amazon.com/inspector/v2/home](https://console.aws.amazon.com/inspector/v2/home). 

1.  From the navigation pane, choose **Code Security**. 

1.  Choose **Configurations**. 

1.  Choose the configuration you want to view details for. The scan configuration details screen provides an overview of the scan configuration. From this screen, you can view the scan configuration ARN, which scan frequency types are enabled, and which scan analysis types are enabled. You can also [delete](https://docs.aws.amazon.com/inspector/latest/user/code-security-assessments-delete-configuration.html) the scan configuration from this screen. If you're viewing a scan configuration that belongs to your organization, you can [edit](https://docs.aws.amazon.com/inspector/latest/user/code-security-assessments-edit-configuration.html) it from this screen, too. 

# Editing a scan configuration
<a name="code-security-assessments-edit-configuration"></a>

 You can edit a scan configuration at any time. When editing a scan configuration, you can change the scan frequency, scan analysis, tags, and repositories to be scanned. For example, you can edit a scan configuration to pause scanning for a particular repository. The following procedure describes how to edit a scan configuration. 

**To edit a scan configuration**

1.  Sign in using your credentials, and then open the Amazon Inspector console at [https://console.aws.amazon.com/inspector/v2/home](https://console.aws.amazon.com/inspector/v2/home). 

1.  From the navigation pane, choose **Code Security**. 

1.  Choose **Configurations**. 

1.  Select the configuration you want to edit, and then choose **Edit**. Alternatively, choose the configuration to open its details screen, and then choose **Edit** there. 

# Deleting a scan configuration
<a name="code-security-assessments-delete-configuration"></a>

 You can delete a scan configuration at any time. This topic describes how to delete a scan configuration. 

**To delete a scan configuration**

1.  Sign in using your credentials, and then open the Amazon Inspector console at [https://console.aws.amazon.com/inspector/v2/home](https://console.aws.amazon.com/inspector/v2/home). 

1.  From the navigation pane, choose **Code Security**. 

1.  Choose **Configurations**. 

1.  Select the configuration you want to delete, and then choose **Delete**. Alternatively, choose the configuration to open its details screen, and then choose **Delete** there. 