sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues 51 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
Files
ff088f9eb4b874562ba0b97c7ca8589709989b49
compliance-scanner-agent/docs/guide/getting-started.md
Sharang Parnerkar 3ec1456b0d
All checks were successful
CI / Clippy (push) Successful in 4m56s
Details
CI / Security Audit (push) Successful in 1m48s
Details
CI / Tests (push) Successful in 5m36s
Details
CI / Deploy MCP (push) Has been skipped
Details
CI / Format (push) Successful in 6s
Details
CI / Detect Changes (push) Successful in 4s
Details
CI / Deploy Agent (push) Successful in 2s
Details
CI / Deploy Dashboard (push) Successful in 2s
Details
CI / Deploy Docs (push) Successful in 3s
Details
docs: rewrite user-facing documentation with screenshots (#11)
2026-03-11 15:26:00 +00:00

2.7 KiB
Raw Blame History

Getting Started

Certifai is an AI-powered security compliance platform that scans your Git repositories for vulnerabilities, builds software bills of materials, performs dynamic application testing, and provides code intelligence through an interactive knowledge graph and AI chat.

What You Get

When you connect a repository, Certifai runs a comprehensive scan pipeline that covers:

  • Static Analysis (SAST) -- finds code-level vulnerabilities like injection flaws, insecure crypto, and misconfigurations
  • Software Bill of Materials (SBOM) -- inventories every dependency, its version, and its license
  • CVE Monitoring -- cross-references your dependencies against known vulnerabilities
  • Code Knowledge Graph -- maps the structure of your codebase for impact analysis
  • AI Triage -- every finding is reviewed by an LLM that provides severity assessment, confidence scores, and remediation guidance
  • Issue Tracking -- automatically creates issues in your tracker for new findings

Dashboard Overview

After logging in, you land on the Overview page, which gives you a snapshot of your security posture across all repositories.

Dashboard overview showing stats cards, severity distribution, and recent scan activity

The overview shows key metrics at a glance: total repositories, findings broken down by severity, dependency counts, CVE alerts, and tracker issues. A severity distribution chart visualizes your risk profile, and recent scan runs let you monitor scanning activity.

Quick Walkthrough

Here is the fastest path from zero to your first scan results:

1. Add a repository

Navigate to Repositories in the sidebar and click Add Repository. Enter a name, the Git clone URL, and the default branch to scan.

Add repository dialog

2. Trigger a scan

Click the Scan button on your repository row. The scan runs in the background through all phases: cloning, static analysis, SBOM extraction, CVE checking, graph building, and issue sync.

3. View findings

Once the scan completes, navigate to Findings to see everything that was discovered. Each finding includes a severity level, description, code evidence, and AI-generated remediation guidance.

Findings list with filters

Next Steps

Reference in New Issue View Git Blame Copy Permalink