# Getting Started

Compliance Scanner is a security compliance platform that scans your Git repositories for vulnerabilities, builds software bills of materials, performs dynamic application testing, and provides AI-powered code intelligence.

## Architecture

The platform consists of three main components:

- **Agent** — Background service that clones repositories, runs scans, builds graphs, and exposes a REST API
- **Dashboard** — Web UI built with Dioxus (Rust full-stack framework) for viewing results and managing repositories
- **MongoDB** — Database for storing all scan results, findings, SBOM data, and graph structures

## Quick Start with Docker Compose

The fastest way to get running:

```bash
# Clone the repository
git clone compliance-scanner
cd compliance-scanner

# Copy and configure environment variables
cp .env.example .env
# Edit .env with your settings (see Configuration)

# Start all services
docker-compose up -d
```

This starts:

- MongoDB on port `27017`
- Agent API on port `3001`
- Dashboard on port `8080`
- Chromium (for DAST crawling) on port `3003`

Open the dashboard at [http://localhost:8080](http://localhost:8080).

## What Happens During a Scan

When you add a repository and trigger a scan, the agent runs through these phases:

1. **Clone** — Clones or pulls the latest code from the Git remote
2. **SAST** — Runs static analysis using Semgrep with rules for OWASP, GDPR, OAuth, and general security
3. **SBOM** — Extracts all dependencies using Syft, identifying packages, versions, licenses, and known vulnerabilities
4. **CVE Check** — Cross-references dependencies against the NVD database for known CVEs
5. **Graph Build** — Parses the codebase to construct a code knowledge graph of functions, classes, and their relationships
6. **Issue Sync** — Creates or updates issues in connected trackers (GitHub, GitLab, Jira) for new findings

Each phase produces results visible in the dashboard immediately.
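
After `docker-compose up -d`, it is worth confirming which of the four ports listed under Quick Start are reachable from outside the host, since MongoDB and the Chromium instance hold scan data and a controllable browser. The script below is an added example, not part of the project; it assumes a Linux host with `ss` from iproute2, and the function name, service labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Ports come from the Quick Start list; the labels are this example's own.
PORTS="27017:MongoDB 3001:Agent-API 8080:Dashboard 3003:Chromium"

# classify_listeners reads `ss -ltn` output on stdin and prints one line per
# platform port: "<port> <service> <state>", where state is
#   down     - nothing is listening on the port
#   loopback - bound only to 127.0.0.0/8 or [::1]
#   exposed  - bound to a wildcard or other non-loopback address
classify_listeners() {
  awk -v ports="$PORTS" '
    BEGIN {
      n = split(ports, p, " ")
      for (i = 1; i <= n; i++) {
        split(p[i], kv, ":")
        order[i] = kv[1]; name[kv[1]] = kv[2]; state[kv[1]] = "down"
      }
    }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)   # address without the port
      if (!(port in name)) next
      if (host ~ /^127\./ || host == "[::1]") {
        # a loopback bind never downgrades an already exposed port
        if (state[port] != "exposed") state[port] = "loopback"
      } else {
        state[port] = "exposed"
      }
    }
    END { for (i = 1; i <= n; i++) print order[i], name[order[i]], state[order[i]] }
  '
}

# Constructed sample of `ss -ltn` lines (not captured from a real deployment).
SAMPLE='LISTEN 0 4096 0.0.0.0:27017 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:3001 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | classify_listeners
# On a live host: ss -ltn | classify_listeners
```

Any port reported as `exposed` that should only serve the local machine can be restricted in the Compose port mapping or with a host firewall rule.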

## Next Steps

- [Add your first repository](/guide/repositories)
- [Understand scan results](/guide/findings)
- [Configure integrations](/guide/configuration)