On-Demand Scans

Flyingduck's On-Demand Scans allow you to manually trigger security scans on a repository at any time — provided a runner is configured and active.

This is especially helpful when:

  • Your repository hasn’t had recent commits (hence, no automated scans),
  • You want to validate the current code against the latest known vulnerabilities, or
  • You’re performing routine security assessments on important branches.

Note: On-demand scans always run against the latest commit of the specified branch.


🚀 Why Use On-Demand Scans?

  • Ensure continued security coverage even for idle branches.
  • Manually validate the latest commit for vulnerabilities.
  • Gain confidence before releases or major merges.

✅ Prerequisites

  • A Flyingduck Runner must be configured and running.
  • The repository should already be integrated into Flyingduck.

How to Perform an On-Demand Scan

Step 1: Open the Repository Dashboard

You can navigate to the desired repository using one of the following methods:

  • From the Repositories List:
    Click on the Repositories tab in the sidebar. This will take you to the list of all repositories you've integrated with Flyingduck. Locate and select the repository you want to scan.

  • Using the Search Bar:
    Use the search bar in the top navigation bar to find your repository by name. From the search results, click the Overview link of the desired repository.

Step 2: Trigger a Scan

In the top-right corner of the repository page, click on the Actions button and select Scan Code from the dropdown menu. A modal form will appear where you can configure your scan options.

Step 3: Choose Scan Type

Select between the following scan types using the radio buttons:

  • Smart Scan: Requires only the branch name. Automatically scans all modules (SBOM, SCA, Secrets, SAST).
  • Custom Scan: Requires the branch name. Lets you select one or more modules to scan. For instance, selecting SBOM also includes SCA, but skips Secrets and SAST.

Step 4: Submit the Scan

After selecting the scan type and entering the required details, click Submit. The runner will pick up the job and begin scanning.


Notes

  • On-demand scans are performed on the latest commit in the branch.
  • They can be triggered at any time, regardless of commit activity.
  • It's best practice to periodically scan critical branches even if no new commits have been made, so that unchanged code is still checked against the latest known vulnerabilities.

Keep your runner active to ensure immediate scanning whenever you trigger an on-demand scan.