Skip to main content
This guide walks you through connecting your first repository and running your first security scan. You’ll be up and running in under 5 minutes.

What You’ll Need

  • A CodeThreat account (sign up here)
  • Access to repositories you want to scan (GitHub, GitLab, Azure DevOps, or Bitbucket)
  • Admin permissions for those repositories

Step 1: Sign Up and Create Your Organization

1

Create Your Account

Visit app.codethreat.com/signup and sign up with your email or GitHub account.
Signing up with GitHub allows faster repository connection.
2

Complete Onboarding

Follow the onboarding flow to set up your organization profile and preferences.Your personal organization is created automatically.

Step 2: Connect Your Version Control System

Choose your VCS provider and follow the connection steps:
  1. Navigate to SettingsIntegrations
  2. Click Connect GitHub
  3. Authorize CodeThreat to access your repositories
  4. Select repositories to import
GitHub connection complete! Your repositories will appear in the dashboard.
View detailed GitHub setup →

Step 3: Run Your First Scan

1

Select a Repository

From your dashboard, click on a repository you just imported
2

Trigger a Scan

Click the Scan Now button in the repository view.CodeThreat will:
  • Clone your repository
  • Run SAST, SCA, Secrets Detection, and IaC Security scans
  • Process results and calculate security scores
Initial scans typically complete within 2-5 minutes, depending on repository size.
3

View Results

Once the scan completes, you’ll see:
  • Total violations by severity (Critical, High, Medium, Low, Info)
  • Violation types breakdown (SAST, SCA, SECRET, IAC)
  • Security score and trends
  • Top vulnerabilities requiring attention

Step 4: Review Your First Violation

1

Open Violations List

Click Violations in the repository navigation to see all security findings
2

Examine a Violation

Click any violation to view:
  • Code snippet showing the vulnerable code
  • Location (file and line number)
  • Severity with CVSS and EPSS scores
  • Description explaining the security risk
  • Remediation steps to fix the issue
3

Take Action

You can:
  • Fix the violation in your code
  • Suppress it if it’s a false positive
  • Assign it to a team member
  • Comment for discussion

What’s Next?

You’ve successfully connected your first repository and run a security scan. Here’s what to do next:

Enable Automated Scanning

Scan every commit and pull request automatically

Invite Your Team

Collaborate with team members on security

Enable AI Features

Let AI eliminate false positives and review PRs