Central Configuration

The central configuration allows to set a shared scanner configuration for the organization. The central configuration, when available, will be automatically downloaded by the scanner at the beginning of the scan.

Such shared central configuration allows customization of the scanner for the organization, as scanners could be running in multiple different points, often in CI/CD pipelines running on ephemeral containers.

The commands provided for handling central configuration are:

config-upload, that collects configuration from the local scanner and uploads it to the Xygeni service. The username / apikey should have permissions for configuration upload.
conf-update, that downloads the configuration and overwrites local scanner configuration, keeping local properties related to api and proxy authentication.
conf-download, for downloading the central configuration without overwriting the local scanner configuration, typically for

The scanner needs an access token with the Upload configuration permission, or be logged as a user with the ROOT or MANAGER_POLICY roles.

The steps for creating / updating the central configuration are:

Configure the desired settings in local configuration files (xygeni*.yml files, detectors, etc.)
Upload the configuration using the util conf-upload command.
```
xygeni util conf-upload
```
(Optional) Check that the configuration was successfully uploaded with util conf-download command.
```
xygeni util conf-download
```
After later changes in the configuration, you may force update from the central configuration using the util config-update command:
```
xygeni util conf-update
```

In case you don't want to apply central configuration you can use --no-conf-download when invoking Xygeni scanner commands.

xygeni scan --no-conf-download [rest of flags ...]

PreviousCredentials Encryption NextXygeni Guardrails

Last updated 1 month ago