Secure Scanning Setup Guide

Step-by-step guidance for setting up secure code scanning, connecting projects, and reviewing results.

Quick Start Overview

  1. Account Setup: create an account with GitHub OAuth
  2. Project Config: choose a storage mode and rule sets
  3. Upload & Scan: upload code for analysis
  4. Review Results: review findings and recommendations

Detailed Configuration Guide

01 Secure Account Initialization

GitHub OAuth Setup

Use GitHub OAuth for passwordless authentication. The service never holds a password for your account; it receives an OAuth token limited to the permissions you approve, so check the scopes requested on the authorization screen and grant only what repository integration needs. The same authorization enables repository integration for automated scanning workflows.

Organization Setup

Create or join an organization to manage team access controls. All data is strictly isolated by organization boundaries with enforced access policies.

Subscription Activation

Select an ephemeral processing plan sized to your scanning volume. Ephemeral-mode plans cost less because no source code is kept between scans, which reduces storage overhead.

02 Project Configuration & Mode Selection

Ephemeral Mode (Recommended)

  • No persistent storage of source code: the strongest option for code confidentiality
  • Source code is deleted as soon as analysis completes
  • Only the encrypted intelligence archive (scan results, not code) is retained
  • Lower storage costs and a smaller retained-data footprint to account for in compliance reviews

Persistent Mode (Advanced)

  • Full codebase retained in encrypted storage
  • Complete semantic search capabilities
  • Historical analysis and evolution tracking
  • Higher storage costs and a larger attack surface: retained source is one more asset to protect

Ruleset Selection

Choose security rulesets based on your technology stack and compliance requirements.

  • OWASP Top 10 for web applications
  • SANS Top 25 for general security
  • Language-specific security rules
  • Custom enterprise rulesets

Integration Setup

Configure automated scanning through GitHub webhooks or API integration.

  • GitHub repository webhooks
  • CI/CD pipeline integration
  • API-based submission workflows
  • Scheduled automated scans
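
If you run your own receiver that turns GitHub push events into API submissions, verify the webhook before trusting it; an unauthenticated endpoint lets anyone who finds it trigger scans (and burn processing units) or feed your pipeline a commit of their choosing. The following is an added example, not the scanning service's own integration code: it validates GitHub's X-Hub-Signature-256 header (HMAC-SHA256 over the raw body, hex-encoded, prefixed with "sha256="), accepts only push events to an allow-list of branches, and only then calls a submission step. The `submit` callback, the branch allow-list and the header dictionary keys are assumptions; the push payload is constructed for the demo.

```python
"""Gate scan submissions on a verified GitHub webhook (added example).

Assumptions: `submit(repo, sha)` stands in for whatever API call starts a
scan and returns an identifier; headers arrive as a plain dict keyed by the
exact GitHub header names.
"""
import hashlib
import hmac
import json
import re
from typing import Callable, Dict, Optional, Set

SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # a full git commit id


def sign(secret: bytes, body: bytes) -> str:
    """Header value GitHub sends: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time comparison; the raw bytes must be signed, never re-serialised JSON."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign(secret, body), header)


def scan_decision(headers: Dict[str, str], body: bytes, secret: bytes,
                  allowed_branches: Set[str],
                  submit: Callable[[str, str], str]) -> dict:
    """Decide whether a delivery should start a scan; nothing is parsed before the MAC checks."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return {"accepted": False, "reason": "bad-signature"}
    event = headers.get("X-GitHub-Event")
    if event == "ping":  # sent once when the hook is created
        return {"accepted": True, "reason": "ping"}
    if event != "push":
        return {"accepted": False, "reason": "ignored-event"}
    try:
        payload = json.loads(body)
    except ValueError:
        return {"accepted": False, "reason": "malformed-json"}
    if payload.get("deleted"):  # branch deletion carries no commit to scan
        return {"accepted": False, "reason": "branch-deleted"}
    ref = payload.get("ref", "")
    if not ref.startswith("refs/heads/"):  # tags and other refs are ignored
        return {"accepted": False, "reason": "not-a-branch"}
    branch = ref[len("refs/heads/"):]
    if branch not in allowed_branches:
        return {"accepted": False, "reason": "branch-not-allowed", "branch": branch}
    sha = payload.get("after", "")
    repo = payload.get("repository", {}).get("full_name", "")
    if not SHA_RE.match(sha) or not repo:
        return {"accepted": False, "reason": "malformed-payload"}
    return {"accepted": True, "reason": "push", "branch": branch,
            "scan_id": submit(repo, sha)}


def build_push_event(repo: str, branch: str, sha: str, deleted: bool = False) -> bytes:
    """Constructed minimal push payload with the fields the decision logic reads."""
    event = {"ref": f"refs/heads/{branch}", "before": "0" * 40, "after": sha,
             "deleted": deleted, "repository": {"full_name": repo}}
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


if __name__ == "__main__":
    secret = b"constructed-webhook-secret"
    started = []
    body = build_push_event("example/repo", "main", "a" * 40)
    headers = {"X-GitHub-Event": "push", "X-Hub-Signature-256": sign(secret, body)}
    print(scan_decision(headers, body, secret, {"main"},
                        lambda repo, sha: started.append((repo, sha)) or "scan-1"))
    print(scan_decision(headers, body.replace(b"a" * 40, b"b" * 40), secret, {"main"},
                        lambda repo, sha: "never"))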

03 Scanning Workflow & Best Practices

File Preparation

  • Use ZIP archives for complete codebase analysis
  • Include dependency files and their lock files (package.json and package-lock.json, requirements.txt) so dependency versions can be resolved
  • Remove sensitive configuration files before upload: .env files, private keys, cloud credentials and anything else the scanner does not need to see
  • Ensure code compiles before submission
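
The file-preparation steps above, as an added example that is not part of the service's own tooling: the script walks a project directory, leaves out version-control and build directories, drops files that must never leave the developer's machine, holds back any remaining file that still looks like it carries a secret, records which dependency manifests made it in, and writes the ZIP. The exclusion patterns, manifest names and secret detectors are illustrative assumptions, and the sample project is constructed inline.

```python
"""Package a source tree for upload, keeping secrets out of the archive (added example)."""
import fnmatch
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Directories with nothing worth scanning, or that carry local state (assumed list).
SKIP_DIRS = {".git", ".hg", ".svn", "node_modules", "__pycache__", ".venv",
             "venv", "dist", "build", "target", ".idea", ".vscode"}

# Files that must not be uploaded: local config, keys, credential stores (assumed list).
SENSITIVE_PATTERNS = [".env", ".env.*", "*.pem", "*.key", "*.p12", "*.pfx",
                      "id_rsa", "id_ed25519", "*.keystore", "*.jks",
                      "credentials.json", ".npmrc", ".pypirc", ".netrc"]

# Dependency manifests and lock files the analysis needs (assumed list).
MANIFESTS = {"package.json", "package-lock.json", "yarn.lock", "pnpm-lock.yaml",
             "requirements.txt", "Pipfile.lock", "poetry.lock", "go.mod", "go.sum",
             "Cargo.toml", "Cargo.lock", "Gemfile.lock", "pom.xml", "build.gradle"}

# Coarse detectors: a hit means "look before you ship", not proof of a leak.
SECRET_DETECTORS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("credential-assignment", re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[=:]\s*['\"][^'\"]{8,}['\"]")),
]


@dataclass
class PrepReport:
    archive: str = ""
    included: List[str] = field(default_factory=list)
    excluded: List[str] = field(default_factory=list)   # matched a sensitive pattern
    suspect: List[Tuple[str, str]] = field(default_factory=list)  # (path, detector)
    manifests: List[str] = field(default_factory=list)


def is_sensitive(name: str) -> bool:
    return any(fnmatch.fnmatch(name, p) for p in SENSITIVE_PATTERNS)


def looks_secret(path: str) -> Optional[str]:
    """Return the name of the first detector that fires, or None; binary files are skipped."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(256 * 1024)
    except OSError:
        return None
    if b"\x00" in data:
        return None
    text = data.decode("utf-8", errors="replace")
    for name, rx in SECRET_DETECTORS:
        if rx.search(text):
            return name
    return None


def prepare_archive(src_dir: str, zip_path: str) -> PrepReport:
    """Write zip_path (which must lie outside src_dir) and report what was kept and dropped."""
    report = PrepReport(archive=zip_path)
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for root, dirs, files in os.walk(src_dir):
            dirs[:] = sorted(d for d in dirs if d not in SKIP_DIRS)  # prune in place
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir)
                if is_sensitive(name):
                    report.excluded.append(rel)
                    continue
                hit = looks_secret(full)
                if hit:  # held back so the developer can scrub it and rerun
                    report.suspect.append((rel, hit))
                    continue
                if name in MANIFESTS:
                    report.manifests.append(rel)
                zf.write(full, rel)
                report.included.append(rel)
    return report


def demo() -> PrepReport:
    """Build a constructed sample project in a temp dir and package it."""
    src = tempfile.mkdtemp(prefix="scanprep-src-")
    out = os.path.join(tempfile.mkdtemp(prefix="scanprep-out-"), "upload.zip")
    files = {
        "app/main.py": "import os\nDB = os.environ['DATABASE_URL']\n",
        "app/legacy.py": "API_KEY = 'sk_live_0123456789abcdef'\n",   # hardcoded secret
        "requirements.txt": "flask==3.0.0\n",
        ".env": "DATABASE_URL=postgres://u:p@db/prod\n",
        "deploy/server.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n",
        ".git/HEAD": "ref: refs/heads/main\n",
    }
    for rel, body in files.items():
        path = os.path.join(src, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return prepare_archive(src, out)


if __name__ == "__main__":
    print(demo())
```

Treat a non-empty `suspect` list as a reason to stop and fix the file rather than upload it; the scanner would flag the hardcoded value anyway, but by then the secret has already left your environment.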

Processing Phases

  1. Scanning: rules are evaluated against the code in memory
  2. Save results: scan data is written to the encrypted archive
  3. Cleanup: the uploaded source code is deleted (ephemeral mode)

Result Interpretation

  • Review findings by severity and confidence levels
  • Use AI search to query archived intelligence
  • Export reports for compliance documentation
  • Track remediation progress over time

Performance Optimization

  • Ephemeral mode: faster processing, lower costs
  • Batch submissions during off-peak hours
  • Enable only the rulesets that match the stack being scanned; each extra ruleset adds processing time
  • Monitor processing unit consumption

Migration from Persistent to Ephemeral

Assessment Phase

  • Evaluate current search dependencies
  • Identify critical historical data needs
  • Assess compliance requirements
  • Calculate cost-benefit analysis

Transition Strategy

  • Start with new projects in ephemeral mode
  • Gradually migrate existing projects
  • Update CI/CD pipelines
  • Train team on intelligence archive usage

Optimization Phase

  • Fine-tune ruleset configurations
  • Optimize processing unit allocation
  • Implement automated scanning workflows
  • Monitor security and performance metrics