Bulk Management

When managing PR scanning across dozens or hundreds of repositories, configuring each one individually is impractical. The bulk management feature lets you enable, configure, and disable PR scanning for multiple repositories at once.


Accessing Bulk Management

Navigate to PR Scanning from the left sidebar. The PR Scanning page displays all integration assets in a table with checkboxes for selection.


Selecting Repositories

Individual Selection

Click the checkbox on each repository row to select it. Selected repositories are highlighted and a count appears in the bulk action bar:

3 repositories selected    [Enable]  [Configure]  [Disable]

Select All on Page

Click the checkbox in the table header to select all repositories visible on the current page. This is useful for batch operations on a page of 25 repositories at a time.

Page-Level Selection

"Select all" applies to the current page only, not all repositories in your organization. If you have 100 repositories across 4 pages, selecting all on page 1 selects 25 repositories. Navigate to each page and select all if you need to target every repository.

Combining with Search and Filters

Use the search bar and filters to narrow the table before selecting:

  1. Search by repository name to find specific repos
  2. Filter by PR scanning status (Enabled / Disabled) to target only repos in a specific state
  3. Select all on page to select the filtered results
  4. Apply the bulk action

Example workflow: Enable PR scanning on all repos that do not have it yet:

  1. Filter by PR Scanning status: Disabled
  2. Click "Select all on page"
  3. Click Enable
  4. Repeat for additional pages if needed

Bulk Actions

Three bulk actions are available when one or more repositories are selected:

1. Enable

Enables PR scanning on all selected repositories with default settings.

What it does           | Details
Turns on PR scanning   | Each selected repository's PR scanning toggle is set to On
Applies default config | Block: Critical + High. Alert: Medium + Low. Scanner: OpenGrep
Skips already enabled  | Repositories that already have PR scanning on are unchanged

Steps:

  1. Select the target repositories
  2. Click Enable in the bulk action bar
  3. Confirm in the dialog: "Enable PR scanning on N repositories with default settings?"
  4. Click Confirm

Quick Rollout

Use bulk enable to quickly roll out PR scanning across your organization. Start with a subset (e.g., your most critical repos), then expand to others over time.

2. Configure

Opens the bulk configuration modal where you can set alert severities, block severities, and scanner selection for all selected repositories at once.

Steps:

  1. Select the target repositories
  2. Click Configure in the bulk action bar
  3. The bulk configuration modal opens (see below)
  4. Set your desired configuration
  5. Click Apply to N repositories

The bulk configuration modal contains the same options as the per-repository configuration modal:

Alert Severities

Select which severities to alert on:

  • Critical
  • High
  • Medium
  • Low

Block Severities

Select which severities to block on:

  • Critical
  • High
  • Medium
  • Low

Scanner Selection

Select which scanners to run:

  • OpenGrep
  • Semgrep
  • Trivy
  • Grype
  • Gitleaks

Overwrite Warning

Bulk configure overwrites the existing configuration on every selected repository. If some repositories had custom configurations, those will be replaced with the bulk settings. Use this feature intentionally.

3. Disable

Disables PR scanning on all selected repositories.

What it does            | Details
Turns off PR scanning   | Each selected repository's PR scanning toggle is set to Off
Preserves configuration | The saved configuration (severities, scanners) is retained so re-enabling restores it
Preserves history       | Past PR scan results and findings are not deleted

Steps:

  1. Select the target repositories
  2. Click Disable in the bulk action bar
  3. Confirm in the dialog: "Disable PR scanning on N repositories?"
  4. Click Confirm

Bulk Configuration Examples

Rolling Out to an Entire Organization

To enable PR scanning across all repositories with a balanced configuration:

  1. Navigate to PR Scanning
  2. On page 1, click the header checkbox to select all
  3. Click Enable and confirm
  4. Navigate to page 2, repeat until all pages are covered
  5. Go back to page 1, select all again
  6. Click Configure
  7. Set: Block Critical + High, Alert Medium + Low, Scanners: OpenGrep + Gitleaks
  8. Click Apply
  9. Repeat the configure step for remaining pages

Different Configs for Different Risk Levels

For organizations with repos at varying risk levels:

High-risk repos (payment, auth, user data):

  1. Search for your high-risk repos by name
  2. Select them
  3. Configure: Block Critical + High + Medium, Scanners: OpenGrep + Semgrep + Gitleaks

Standard repos:

  1. Filter to all other enabled repos
  2. Select them
  3. Configure: Block Critical + High, Scanners: OpenGrep + Gitleaks

Internal tooling / low-risk:

  1. Search for internal tool repos
  2. Select them
  3. Configure: Block Critical only, Scanners: Gitleaks only
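
The following is an added example, not part of the product or its documentation: a pre-flight check for the overwrite behaviour of bulk Configure, run against the three risk tiers above. The `RepoConfig` record, the repository names and the inventory are constructed, and the current settings are assumed to have been recorded by hand, since this page describes no export format or API.

```python
# Added example: pre-flight check before a bulk Configure (blocking and scanners only).
# RepoConfig, the repo names and INVENTORY are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class RepoConfig:
    name: str
    block: frozenset      # severities that currently block a PR
    scanners: frozenset   # scanners that currently run


def preflight(selected, new_block, new_scanners):
    """Report what a bulk Configure would overwrite on each selected repo."""
    new_block, new_scanners = frozenset(new_block), frozenset(new_scanners)
    report = {"changed": [], "weakens_blocking": {}, "drops_scanners": {}}
    for repo in selected:
        # Bulk Configure replaces the whole config, so any difference is a change.
        if (repo.block, repo.scanners) != (new_block, new_scanners):
            report["changed"].append(repo.name)
        lost_block = repo.block - new_block
        if lost_block:  # severities that would stop blocking
            report["weakens_blocking"][repo.name] = sorted(lost_block)
        lost_scanners = repo.scanners - new_scanners
        if lost_scanners:  # scanners that would no longer run
            report["drops_scanners"][repo.name] = sorted(lost_scanners)
    return report


# Constructed inventory: one repo per risk tier described above.
INVENTORY = [
    RepoConfig("payments-api", frozenset({"Critical", "High", "Medium"}),
               frozenset({"OpenGrep", "Semgrep", "Gitleaks"})),
    RepoConfig("web-frontend", frozenset({"Critical", "High"}),
               frozenset({"OpenGrep", "Gitleaks"})),
    RepoConfig("internal-cli", frozenset({"Critical"}), frozenset({"Gitleaks"})),
]

if __name__ == "__main__":
    # Applying the standard-tier settings to every repo in one bulk action.
    result = preflight(INVENTORY, {"Critical", "High"}, {"OpenGrep", "Gitleaks"})
    for key, value in result.items():
        print(key, value)
```

Any repository listed under `weakens_blocking` or `drops_scanners` should be deselected before clicking Apply, or reconfigured afterwards with its own tier.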

Bulk Action Confirmation

Every bulk action displays a confirmation dialog before executing:

┌─────────────────────────────────────────────┐
│  Enable PR Scanning                         │
│                                             │
│  You are about to enable PR scanning on     │
│  12 repositories with default settings.     │
│                                             │
│  This will:                                 │
│  • Turn on PR scanning for all selected     │
│  • Apply default severity configuration     │
│  • Start scanning PRs immediately           │
│                                             │
│           [Cancel]     [Confirm]            │
└─────────────────────────────────────────────┘

No Undo

Bulk actions execute immediately after confirmation. There is no bulk undo. If you need to revert, perform a new bulk action with the opposite setting (e.g., bulk disable after a bulk enable).


Monitoring Bulk Changes

After applying bulk actions:

  1. The PR Scanning table refreshes to reflect the new state
  2. Filter by Enabled status to verify all target repos are configured
  3. Open a test PR on one of the affected repos to confirm scanning works
  4. Monitor the Scan Queue during the next PR event to verify scans are running

Limitations

Limitation                | Detail
Page-level selection only | Cannot select across pages in a single action
Integration assets only   | Public assets do not appear on the PR Scanning page
No mixed configurations   | Bulk configure applies the same settings to all selected repos; you cannot set different configs per repo in a single bulk action
OPA mode                  | Bulk actions always use Simple mode. To assign OPA policies, configure repos individually