Connect a repository
Open the dashboard and go to Settings > Code Settings.
- GitHub: install the Gecko GitHub App and pick repositories. See Connect GitHub.
- GitLab: add a GitLab access token and instance URL. See Connect GitLab.
Self-managed GitLab or an IP-restricted network? Allowlist Gecko’s IP
addresses first, or the connection will fail. See Network & IP allowlist.
Run a baseline scan
Pick a repository your team knows well and scan its default branch. The scan builds a repository wiki, maps your API endpoints, and produces your first set of findings: the security baseline you'll improve from.
Review findings
Open the Vulnerabilities tab. Each finding includes a severity (CVSS 4.0), a confidence score, the full source-to-sink call chain, a proof of concept, and a suggested patch. Start with anything touching auth, secrets, remote execution, or external network access, and use the call chain and proof of concept to confirm a finding is reachable before you schedule a fix.
Fix and verify
Click Request fix to open a gecko/* pull request with the patch applied, or apply the patch yourself. See Auto-fix PRs. Review the generated patch as you would any other pull request before merging. When the fix merges, Gecko rechecks the finding and marks it Fix verified once the vulnerability is gone.

Next steps
- Turn on PR checks: scan every pull request and block merges above a severity threshold.
- Route findings to your tools: Jira, Linear, Slack, ClickUp, and Shortcut.
- Invite your team: roles and the permission matrix.
- Set up SSO: Okta SAML and SCIM provisioning.
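As an added example (not Gecko's own code or export format), the Python script below shows one way to apply the triage order from Review findings and the severity gate from Turn on PR checks to an exported findings list. It assumes a hypothetical JSON export carrying the fields the page describes (a CVSS 4.0 score, a confidence score, a source-to-sink call chain) plus an id and title; the five findings are constructed for the demo, and the keyword patterns for auth, secrets, remote execution and external network access are this example's heuristic, not Gecko's classification.

```python
"""Triage Gecko-style findings and gate a pull request on severity.

Added example: not Gecko's code. It assumes a hypothetical JSON export in
which each finding has an id, title, cvss4_score, confidence (0..1) and a
source-to-sink call_chain. Field names and sample data are constructed.
"""
import json
import re

# CVSS 4.0 qualitative severity bands (the same cut-offs CVSS 3.x uses).
RATING_ORDER = {"None": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def cvss4_rating(score: float) -> str:
    """Map a CVSS 4.0 base score to its qualitative rating."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


# Heuristic patterns for the surfaces the quick-start says to look at first.
# They run over the title and every frame of the call chain. Gecko's own
# classification is not known here, so treat these as a starting point.
PRIORITY_PATTERNS = {
    "auth": re.compile(r"\b(auth|login|session|jwt|token|password)", re.I),
    "secrets": re.compile(r"\b(secret|api[_\- ]?key|credential|private[_\- ]?key)", re.I),
    "remote execution": re.compile(r"\b(exec|spawn|system|eval|deserializ|subprocess)", re.I),
    "external network": re.compile(r"\b(requests?\.|urlopen|fetch|socket|http\.client)", re.I),
}


def sensitive_surfaces(finding: dict) -> list:
    """Return the sensitive surfaces a finding touches, in PRIORITY_PATTERNS order."""
    text = " ".join([finding.get("title", "")] + finding.get("call_chain", []))
    return [name for name, pattern in PRIORITY_PATTERNS.items() if pattern.search(text)]


def triage(findings: list) -> list:
    """Order findings for review: sensitive surface first, then rating, score, confidence."""
    def sort_key(f):
        return (
            -len(sensitive_surfaces(f)),
            -RATING_ORDER[cvss4_rating(f["cvss4_score"])],
            -f["cvss4_score"],
            -f["confidence"],
        )
    return sorted(findings, key=sort_key)


def blocking_findings(findings: list, threshold: str = "High", min_confidence: float = 0.5) -> list:
    """PR-check gate: ids of findings rated at or above `threshold` with enough confidence.

    A non-empty result means the merge should be blocked. The confidence floor is
    this example's choice, so that low-confidence findings do not block merges.
    """
    floor = RATING_ORDER[threshold]
    return [
        f["id"] for f in findings
        if RATING_ORDER[cvss4_rating(f["cvss4_score"])] >= floor
        and f["confidence"] >= min_confidence
    ]


# Constructed sample export (not real Gecko output).
SAMPLE_EXPORT = json.dumps([
    {"id": "F-1", "title": "SQL injection in search filter", "cvss4_score": 8.7,
     "confidence": 0.92, "call_chain": ["app/api/search.py:search", "app/db.py:run_query"]},
    {"id": "F-2", "title": "Command injection in export job", "cvss4_score": 9.3,
     "confidence": 0.61, "call_chain": ["app/jobs/export.py:run_export", "subprocess.Popen"]},
    {"id": "F-3", "title": "Hard-coded API key", "cvss4_score": 7.1,
     "confidence": 0.99, "call_chain": ["app/config.py:load_settings"]},
    {"id": "F-4", "title": "Verbose error page", "cvss4_score": 3.1,
     "confidence": 0.80, "call_chain": ["app/errors.py:render_error"]},
    {"id": "F-5", "title": "Missing rate limit on login", "cvss4_score": 5.3,
     "confidence": 0.45, "call_chain": ["app/routes/login.py:authenticate"]},
])
SAMPLE_FINDINGS = json.loads(SAMPLE_EXPORT)

if __name__ == "__main__":
    for f in triage(SAMPLE_FINDINGS):
        print(f"{f['id']} {cvss4_rating(f['cvss4_score']):8} conf={f['confidence']:.2f} "
              f"{sensitive_surfaces(f) or '-'} {f['title']}")
    blocked = blocking_findings(SAMPLE_FINDINGS, threshold="High")
    print("block merge:", bool(blocked), blocked)
```

The triage key puts the command injection (Critical, touches subprocess) and the hard-coded key ahead of the higher-scoring SQL injection, because the page's advice is to look at auth, secrets, execution and network surfaces before raw score; the gate, by contrast, is purely severity-driven and would block the merge on three findings at the High threshold.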