What You’ll Need
- A CodeThreat account (sign up at app.codethreat.com/signup)
- Access to repositories you want to scan (GitHub, GitLab, Azure DevOps, or Bitbucket)
- Admin permissions for those repositories
Step 1: Sign Up and Create Your Organization
1. Create Your Account
Visit app.codethreat.com/signup and sign up with your email or GitHub account.
2. Complete Onboarding
Follow the onboarding flow to set up your organization profile and preferences. Your personal organization is created automatically.
Step 2: Connect Your Version Control System
Choose your VCS provider and follow the connection steps for it:
- GitHub
- GitLab
- Azure DevOps
- Bitbucket
The steps below cover GitHub:
- Navigate to Settings → Integrations
- Click Connect GitHub
- Authorize CodeThreat to access your repositories
- Select repositories to import
GitHub connection complete! Your repositories will appear in the dashboard.
Step 3: Run Your First Scan
1. Select a Repository
From your dashboard, click on a repository you just imported.
2. Trigger a Scan
Click the Scan Now button in the repository view. CodeThreat will:
- Clone your repository
- Run SAST, SCA, Secrets Detection, and IaC Security scans
- Process results and calculate security scores
Initial scans typically complete within 2-5 minutes, depending on repository size.
3. View Results
Once the scan completes, you’ll see:
- Total violations by severity (Critical, High, Medium, Low, Info)
- Violation types breakdown (SAST, SCA, SECRET, IAC)
- Security score and trends
- Top vulnerabilities requiring attention
Step 4: Review Your First Violation
1. Open Violations List
Click Violations in the repository navigation to see all security findings.
2. Examine a Violation
Click any violation to view:
- Code snippet showing the vulnerable code
- Location (file and line number)
- Severity with CVSS and EPSS scores
- Description explaining the security risk
- Remediation steps to fix the issue
3. Take Action
You can:
- Fix the violation in your code
- Suppress it if it’s a false positive
- Assign it to a team member
- Comment for discussion
