Secu Platform Documentation

Quick Start

Get your first security scan running in minutes. The platform is designed to require as little configuration as possible — sign in with GitHub and your repositories are ready to scan immediately.

Sign in with GitHub

Authentication is currently available through GitHub. When you sign in for the first time, the platform automatically creates your organisation and installs the GitHub integration on your account. This is a one-time process that takes a few seconds.

Once signed in, the integration syncs your repository list from GitHub automatically. There is no need to import repositories manually — they appear in the dashboard as soon as the initial sync completes.

Start scanning from the dashboard

The simplest way to run a scan is directly from the dashboard:

  1. Open the Repositories page — your repositories are already listed there, synced automatically from your GitHub integration.
  2. Find the repository you want to analyse and click the menu on the right side of its row.
  3. Select Start Analysis.

Figure: Repositories page showing the context menu with the Start Analysis action.

The platform clones the repository, runs all configured scanners — secret detection, code quality, vulnerability analysis, and SBOM generation — and publishes the results back to the dashboard. The scan card appears on the Recent Activity page immediately with a "Processing" status, and individual scanner results populate progressively as each one completes.

No additional configuration is required for dashboard-initiated scans. The GitHub integration provides all the authentication and repository access the platform needs.

Scan from the CLI or CI/CD

If you prefer to trigger scans from a terminal or integrate them into a CI/CD pipeline, you will need an access key. Access keys authenticate API requests from external systems and can be generated from the dashboard in a few clicks.

Once you have a key, pass it to the CLI tool alongside the repository identifier and a Git token:

secu --repo-id="org/repo" --api-key="your-access-key" --repo-token="your-git-token"

The CLI submits the analysis request and the platform handles the rest — cloning, scanning, enrichment, and reporting all happen server-side. Results appear in the dashboard alongside any scans triggered from the interface.
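
The command above takes both credentials as command-line flags, so in a pipeline they should come from the CI secret store rather than from the script text, and must not end up in the build log. The wrapper below is an added example, not part of the Secu documentation or tooling; the function name `run_secu_scan`, the variable names `SECU_API_KEY` and `SECU_REPO_TOKEN`, and the `org/repo` format check are assumptions made for illustration.

```shell
# Added example: wrapper around the documented secu invocation.
# Assumptions (not from the Secu docs): the names run_secu_scan,
# SECU_API_KEY and SECU_REPO_TOKEN, and the owner/name format check.
run_secu_scan() {
    repo_id="${1:-}"

    # Fail closed if a CI secret is missing, rather than sending a blank one.
    if [ -z "${SECU_API_KEY:-}" ] || [ -z "${SECU_REPO_TOKEN:-}" ]; then
        echo "SECU_API_KEY and SECU_REPO_TOKEN must both be set" >&2
        return 2
    fi

    # Accept exactly one owner/name pair built from conservative characters.
    case "$repo_id" in
        *[!A-Za-z0-9._/-]*|*/*/*|/*|*/|-*) valid=0 ;;
        */*) valid=1 ;;
        *) valid=0 ;;
    esac
    if [ "$valid" -ne 1 ]; then
        echo "repo id must look like org/repo" >&2
        return 2
    fi

    # Turn off xtrace around the call so `set -x` in a job does not print
    # the credentials to the build log; restore it afterwards.
    had_xtrace=0
    case "$-" in *x*) had_xtrace=1; set +x ;; esac

    rc=0
    secu --repo-id="$repo_id" \
         --api-key="$SECU_API_KEY" \
         --repo-token="$SECU_REPO_TOKEN" || rc=$?

    if [ "$had_xtrace" -eq 1 ]; then set -x; fi
    return "$rc"
}
```

Call it as `run_secu_scan "org/repo"` from a job step that has the two variables injected as masked secrets. The credentials are still passed to `secu` as arguments, since those flags are the only interface the page documents.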

Repositories

The Repositories page is the central inventory of every repository accessible through your integrations. It merges your GitHub repository list with security scan data into a single, unified view — so you can see at a glance which repositories have been scanned and which are still waiting.

Scanned repositories display their latest results inline: a security score with letter grade, vulnerability count, code quality findings, secrets detected, and SBOM availability. Unscanned repositories appear with reduced emphasis and a one-click action to trigger their first analysis.

Summary cards at the top of the page show how many repositories have been scanned out of the total, the average security score across your organisation, and the total number of open issues. These metrics update as new scans complete.

The table supports search by repository name, filtering by organisation, scan status, and date range, and sorting by any column. Clicking a scanned repository opens its full analysis history with detailed findings across every scanner.

Recent activity

The Recent Activity page provides a chronological feed of every security scan across your organisation. Each scan appears as a card showing the repository name, branch, commit, current status, and a summary of findings — giving your team a real-time view of what is being analysed and what has been completed.

At the top of the page, summary cards display the total number of scans, how many are currently in progress, the count of critical issues found, and the average security score across all completed analyses.

Each scan card shows its progress incrementally — individual scanner results (secrets, code quality, vulnerabilities, SBOM) appear as they complete, even while the overall analysis is still running. This means you can start triaging findings before the full pipeline finishes.

The feed can be filtered by status, security score grade, and repository name, and sorted by date, score, or total issues. Clicking a card opens the full security report with detailed findings and drill-down views for every scanner.

What happens next

Every scan runs the full analysis pipeline automatically. Within minutes of triggering a scan you will have:

All results are accessible through the dashboard with filtering, search, and detailed drill-down views for every finding.