# Quick start

> Connect a repository, run your first scan, and review real findings in minutes.

This guide takes you through one complete loop: connect code, scan, triage, fix,
and verify.

<Steps>
  <Step title="Connect a repository">
    Open the [dashboard](https://app.gecko.security) and go to **Settings** >
    **Code Settings**.

    * **GitHub**: install the Gecko GitHub App and pick repositories. See
      [Connect GitHub](/connect/github).
    * **GitLab**: add a GitLab access token and instance URL. See
      [Connect GitLab](/connect/gitlab).

    Evaluating Gecko on open source? Paste a public repository URL or upload a ZIP
    instead. No provider connection required. See [Other inputs](/connect/other-inputs).

    <Note>
      Self-managed GitLab or an IP-restricted network? Allowlist Gecko's IP
      addresses first, or the connection will fail. See [Network & IP allowlist](/connect/network-allowlist).
    </Note>
  </Step>

  <Step title="Run a baseline scan">
    Pick a repository your team knows well and scan the default branch.

    This builds a [repository wiki](/concepts/repository-wiki), maps your
    [API endpoints](/concepts/api-spec), and produces your first set of findings:
    the security baseline you'll improve from.
  </Step>

  <Step title="Review findings">
    Open the **Vulnerabilities** tab. Each finding includes a severity (CVSS 4.0),
    a confidence score, the full [source-to-sink call chain](/concepts/findings),
    a proof of concept, and a suggested patch.

    Start with anything touching auth, secrets, remote execution, or external
    network access.
  </Step>

  <Step title="Fix and verify">
    Click **Request fix** to open a `gecko/*` pull request with the patch
    applied, or apply the patch yourself. See [Auto-fix PRs](/remediation/auto-fix-prs).

    When the fix merges, Gecko rechecks the finding and marks it **Fix verified**
    once the vulnerability is gone.
  </Step>
</Steps>

## Next steps

<CardGroup cols={2}>
  <Card title="Turn on PR checks" icon="code-pull-request" href="/scanning/pr-checks">
    Scan every pull request and block merges above a severity threshold.
  </Card>

  <Card title="Route findings to your tools" icon="plug" href="/integrations">
    Jira, Linear, Slack, ClickUp, and Shortcut.
  </Card>

  <Card title="Invite your team" icon="users" href="/teams-permissions">
    Roles and the permission matrix.
  </Card>

  <Card title="Set up SSO" icon="key" href="/access/okta-saml-onboarding">
    Okta SAML and SCIM provisioning.
  </Card>
</CardGroup>
