Once a repository is connected, you can scan it on demand.
1. Open the repository
   Go to Repositories and select the repo you want to scan.

2. Start a deep scan on the default branch
   Run a deep scan on the branch your team trusts as the baseline (usually main). Keep the first run simple: one repository, one branch. You can include several repositories later for a multi-repo scan.

3. Wait for the pipeline to finish
   Gecko generates the wiki, indexes the code, discovers endpoints, and analyzes security-sensitive files. Progress is shown on the scan.

4. Review results
   Open the Vulnerabilities tab to triage findings, the Endpoints tab for the attack surface, and the Wiki tab for the codebase overview. See Findings & remediation.

1. Connect one provider first
   Start with the code host your team uses for private repositories.

2. Pick a repository with clear ownership
   The first scan is easier to act on when the team knows who validates and fixes issues.

3. Run a baseline on the default branch
   Don’t overcomplicate the first run with extra variables.

4. Expand after the first clean loop
   Add more repositories, turn on PR checks, and schedule scans.

Repository views

Each repository has tabs for Overview, Vulnerabilities, Scans, Endpoints, Wiki, and Settings, so you can move between the latest results and historical scans in one place.