Choose the right scan input
Gecko supports a few practical ways to start analysis:
GitHub
Best for private repositories that already live in the normal engineering
workflow.
GitLab
Best for GitLab-native teams that want repeatable repository-backed scans.
Public OSS URLs
Best for evaluating Gecko on public GitHub or GitLab repositories without
a private provider connection.
ZIP uploads
Best for point-in-time analysis when code is not available through a
supported provider.
Recommended rollout
Connect one provider first
Start with the code host your team already uses for private repositories.
Select one repository with clear ownership
The first scan is easier to operationalize when the team already knows who
can validate and fix issues.
Run a baseline scan on the default branch
Do not overcomplicate the first run with too many variables.
When each option is the right fit
Use GitHub or GitLab for ongoing team workflows
Provider-backed repositories are the best fit when you want repeatable
scans, durable repository records, and cleaner follow-up work.
Use public OSS URLs for evaluation or open-source targets
Public URLs are useful when you need signal quickly without setting up a
private provider integration first.
Use ZIP uploads for one-off reviews
ZIP uploads work when you need a point-in-time scan for code that is not
otherwise reachable through Gecko.