Prerequisites
- A GitHub account with repositories to scan
- Node.js 18+ (for CLI scanning)
Step 1: Create an Account
- Go to app.vidocsecurity.com
- Sign in with your GitHub account
- You’ll be redirected to your dashboard
Step 2: Create a Project
Projects group related repositories together. To create your first project:- Click “New Project” in the dashboard
- Enter a project name (e.g., “My App”)
- Click “Create”
Step 3: Connect GitHub
Connect your GitHub account to enable automatic scanning:- Go to Settings → Integrations
- Click “Connect GitHub”
- Authorize Vidoc to access your repositories
- Select which repositories to scan
See GitHub Setup for detailed configuration options.
Step 4: Add a Repository
- Click “Add Repository” in your project
- Select a repository from the list
- Choose the default branch to scan
Step 5: Run Your First Scan
Option A: GitHub Integration (Recommended)
Once connected, Vidoc automatically scans:- New pull requests
- Pushes to the default branch
Option B: CLI Scan
Install and run the CLI for immediate results:Step 6: Review Results
After the scan completes:- Go to Issues in your project
- Review the security findings
- Click on an issue to see details:
- Vulnerability description
- Affected code snippet
- Remediation guidance
Handling False Positives
If an issue is a false positive:- Click “Ignore” on the issue
- Provide a reason (e.g., “Input is already sanitized”)
- Vidoc creates a learning to avoid similar false positives
Next Steps
Dashboard Overview
Learn to navigate the Vidoc dashboard
GitHub PR Comments
Configure PR feedback settings
CLI Scanning
Advanced CLI scanning options
Learnings
Teach Vidoc your codebase patterns