Projects & Scanning
Projects are the core organizational unit in GraphNode. Learn how to create projects, upload code for local scanning, connect repositories for automated analysis, configure scan schedules, and manage scan engines.
Creating a Project
Each project in GraphNode represents a codebase to be scanned. Projects serve as the main organizational unit, grouping scan results, audit findings, and reports together. You can configure project-level settings such as name, description, and file or folder exclusion patterns.
Navigate to the Projects page
Click Projects in the main navigation to view all existing projects.
Click "New Project"
This opens the project creation form where you configure your new project.
Configure and create
Enter the project name, description, and any file/folder exclusion patterns, then save.
Exclusion Patterns
Use exclusion patterns to skip directories or files that do not need to be scanned, such as node_modules, vendor, or test folders. This reduces scan time and eliminates noise from third-party or test code.
Local Scan
Local scans allow you to upload a ZIP archive containing your source code directly to GraphNode. This method is ideal for one-time scans, air-gapped environments, or when you need to quickly analyze code that is not stored in a connected repository.
Drag & Drop Upload
Simply drag your ZIP archive into the upload area, or click to browse and select the file.
Exclusion Patterns
Configure file and folder exclusion patterns to skip directories like node_modules or vendor.
Repository Scan
Connect directly to your source control system for automated code retrieval on each scan. GraphNode supports GitHub, GitLab, Azure DevOps, Bitbucket, and SVN, including both cloud-hosted and self-hosted instances.
Direct Integration
Connect to your repository once, and GraphNode automatically pulls the latest code for each scan.
Branch Selection
Configure which branch to scan, allowing targeted analysis of specific release branches or feature branches.
Self-Hosted Repositories
GraphNode supports both cloud-hosted and self-hosted repository instances. For self-hosted installations, enter the full URL of your repository server. Ensure the GraphNode instance has network access to the repository host.
Scan Scheduling
Configure recurring scans to continuously monitor your codebase for new vulnerabilities. Scheduled scans automatically pull the latest code from your connected repository and run a full analysis at the specified time.
Daily
Run scans every day at a specific time
Weekly
Choose specific days of the week
Custom Cron
Fine-grained control with cron expressions
| Schedule Type | Best For | Example |
|---|---|---|
| Daily | Active projects with frequent commits | Every day at 2:00 AM |
| Weekly | Stable projects or compliance checks | Every Monday at 3:00 AM |
| Custom Cron | Specific timing requirements | `0 2 */3 * *` (every 3 days) |
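Before saving a Custom Cron schedule, it helps to preview when it will actually fire. The following is an added example, not GraphNode code: it assumes the common 5-field cron semantics (the page does not state which cron dialect GraphNode uses), and `expand`, `next_runs` and `gaps_in_days` are hypothetical helper names. Under those semantics a step in the day-of-month field restarts on the 1st of each month, so the gap between scans is not always the step value.

```python
from datetime import datetime, timedelta

# Field ranges for 5-field cron: minute, hour, day-of-month, month, day-of-week.
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]

def expand(field, lo, hi):
    """Expand one field ('*', '*/n', 'a-b', 'a-b/n', 'a,b') into a set of ints."""
    values = set()
    for part in field.split(","):
        base, _, step = part.partition("/")
        step = int(step) if step else 1
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            start, end = map(int, base.split("-"))
        else:
            start = end = int(base)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"bad cron field {field!r}")
        values.update(range(start, end + 1, step))
    return values

def next_runs(expr, after, count):
    """Return up to `count` fire times strictly after `after`."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields: minute hour dom month dow")
    minute, hour, dom, month, dow = (expand(f, *r) for f, r in zip(fields, RANGES))
    both_restricted = fields[2] != "*" and fields[4] != "*"
    runs = []
    day = after.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(366 * 8):  # bounded, so impossible dates (Feb 31) terminate
        dom_ok = day.day in dom
        dow_ok = (day.weekday() + 1) % 7 in dow  # cron counts 0 = Sunday
        # Both day fields restricted: either may match. Otherwise both must.
        day_ok = (dom_ok or dow_ok) if both_restricted else (dom_ok and dow_ok)
        if day.month in month and day_ok:
            for h in sorted(hour):
                for m in sorted(minute):
                    t = day.replace(hour=h, minute=m)
                    if t > after and len(runs) < count:
                        runs.append(t)
        if len(runs) >= count:
            break
        day += timedelta(days=1)
    return runs

def gaps_in_days(runs):
    """Days between consecutive runs; a truly periodic schedule gives one value."""
    return [(b - a).days for a, b in zip(runs, runs[1:])]
```

With a constructed start date of 24 January 2024, `gaps_in_days(next_runs("0 2 */3 * *", datetime(2024, 1, 24), 5))` returns `[3, 3, 1, 3]`: the scan runs on the 31st and again on the 1st.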
Engine Management
Scan engines are the worker machines that perform the actual code analysis. You can register multiple engines for parallel scanning, distribute load across machines, and monitor engine health in real time.
Parallel Scanning
Register multiple engines to scan different projects simultaneously, reducing overall scan queue times.
Health Monitoring
Track engine online/offline status in real time. Receive alerts when engines become unavailable.
Priority-Based Scheduling
The Machine Priority setting (1-10) determines which engine gets assigned scans first. Higher-priority engines are preferred for new scan jobs. This allows you to direct scans to more powerful machines while keeping lower-priority engines as backup capacity.