c253e4ef5e
Rewrite all public documentation to be user-facing only: - Remove deployment, configuration, and self-hosting sections - Add guide pages for SBOM, issues, webhooks & PR reviews - Add reference pages for glossary and tools/scanners - Add 12 screenshots from live dashboard - Explain MCP, LLM triage, false positives, human-in-the-loop Fix edit repository modal not scrollable (max-height + overflow-y). Show full webhook URL using window.location.origin instead of path. Unset RUSTC_WRAPPER in agent cargo commands to avoid sccache errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2.7 KiB
Getting Started
Certifai is an AI-powered security compliance platform that scans your Git repositories for vulnerabilities, builds software bills of materials, performs dynamic application testing, and provides code intelligence through an interactive knowledge graph and AI chat.
What You Get
When you connect a repository, Certifai runs a comprehensive scan pipeline that covers:
- Static Analysis (SAST) -- finds code-level vulnerabilities like injection flaws, insecure crypto, and misconfigurations
- Software Bill of Materials (SBOM) -- inventories every dependency, its version, and its license
- CVE Monitoring -- cross-references your dependencies against known vulnerabilities
- Code Knowledge Graph -- maps the structure of your codebase for impact analysis
- AI Triage -- every finding is reviewed by an LLM that provides severity assessment, confidence scores, and remediation guidance
- Issue Tracking -- automatically creates issues in your tracker for new findings
Dashboard Overview
After logging in, you land on the Overview page, which gives you a snapshot of your security posture across all repositories.
The overview shows key metrics at a glance: total repositories, findings broken down by severity, dependency counts, CVE alerts, and tracker issues. A severity distribution chart visualizes your risk profile, and recent scan runs let you monitor scanning activity.
Quick Walkthrough
Here is the fastest path from zero to your first scan results:
1. Add a repository
Navigate to Repositories in the sidebar and click Add Repository. Enter a name, the Git clone URL, and the default branch to scan.
2. Trigger a scan
Click the Scan button on your repository row. The scan runs in the background through all phases: cloning, static analysis, SBOM extraction, CVE checking, graph building, and issue sync.
3. View findings
Once the scan completes, navigate to Findings to see everything that was discovered. Each finding includes a severity level, description, code evidence, and AI-generated remediation guidance.
Next Steps
- Add and configure repositories -- including private repos and issue tracker setup
- Understand how scans work -- phases, triggers, and deduplication
- Work with findings -- triage, false positives, and developer feedback
- Explore your SBOM -- dependencies, licenses, and exports