Prerequisites
- A GitHub account with repositories to scan
- Node.js 18+ (for CLI scanning)
Step 1: Create an Account
- Go to app.vidocsecurity.com
- Sign in with your GitHub account
- You’ll be redirected to your dashboard
Step 2: Create a Project
Projects group related repositories together. To create your first project:
- Click “New Project” in the dashboard
- Enter a project name (e.g., “My App”)
- Click “Create”
Step 3: Connect GitHub
Connect your GitHub account to enable automatic scanning:
- Go to Settings → Integrations
- Click “Connect GitHub”
- Authorize Vidoc to access your repositories
- Select which repositories to scan
See GitHub Setup for detailed configuration options.
Step 4: Add a Repository
- Click “Add Repository” in your project
- Select a repository from the list
- Choose the default branch to scan
Step 5: Run Your First Scan
Option A: GitHub Integration (Recommended)
Once connected, Vidoc automatically scans:
- New pull requests
- Pushes to the default branch
Option B: CLI Scan
Install and run the CLI for immediate results:
Step 6: Review Results
After the scan completes:
- Go to Issues in your project
- Review the security findings
- Click on an issue to see details:
  - Vulnerability description
  - Affected code snippet
  - Remediation guidance
Handling False Positives
If an issue is a false positive:
- Click “Ignore” on the issue
- Provide a reason (e.g., “Input is already sanitized”)
- Vidoc creates a learning to avoid similar false positives

