This guide takes you through one complete loop: connect code, scan, triage, fix, and verify.
1. Connect a repository

Open the dashboard and go to Settings > Code Settings.
  • GitHub: install the Gecko GitHub App and pick repositories. See Connect GitHub.
  • GitLab: add a GitLab access token and instance URL. See Connect GitLab.
Evaluating Gecko on open source? Paste a public repository URL or upload a ZIP instead. No provider connection required. See Other inputs.
Self-managed GitLab or an IP-restricted network? Allowlist Gecko’s IP addresses first, or the connection will fail. See Network & IP allowlist.
2. Run a baseline scan

Pick a repository your team knows well and scan the default branch. This builds a repository wiki, maps your API endpoints, and produces your first set of findings: the security baseline you’ll improve from.
3. Review findings

Open the Vulnerabilities tab. Each finding includes a severity (CVSS 4.0), a confidence score, the full source-to-sink call chain, a proof of concept, and a suggested patch. Start with anything touching auth, secrets, remote execution, or external network access.
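The triage rule above, as an added worked example that is not part of this guide or of Gecko: rank a batch of findings so the ones touching auth, secrets, remote execution or external network access come first, then by CVSS 4.0 score and confidence. The finding fields, keyword lists and sample findings are assumptions constructed for the example, not Gecko's export format.

```python
"""Order findings for triage the way the guide recommends.
Field names and the sample data are assumptions, not Gecko's real format."""
from dataclasses import dataclass, field
from typing import List, Optional

# Keywords that mark a finding as touching an area the guide says to review first.
PRIORITY_AREAS = {
    "auth": ("auth", "session", "jwt", "password"),
    "secrets": ("secret", "token", "api_key", "credential"),
    "remote execution": ("exec", "eval", "subprocess", "deserializ"),
    "external network": ("http", "socket", "url", "fetch"),
}

@dataclass
class Finding:
    id: str
    cvss: float                                          # CVSS 4.0 base score, 0.0-10.0
    confidence: float                                    # scanner confidence, 0.0-1.0
    call_chain: List[str] = field(default_factory=list)  # source -> ... -> sink
    tags: List[str] = field(default_factory=list)

def cvss4_rating(score: float) -> str:
    """Qualitative CVSS 4.0 severity band for a base score."""
    if score == 0.0: return "None"
    if score < 4.0: return "Low"
    if score < 7.0: return "Medium"
    if score < 9.0: return "High"
    return "Critical"

def priority_area(f: Finding) -> Optional[str]:
    """First guide-listed area matched by the finding's tags or call chain, else None."""
    haystack = " ".join(f.tags + f.call_chain).lower()
    for area, words in PRIORITY_AREAS.items():
        if any(w in haystack for w in words):
            return area
    return None

def triage_order(findings: List[Finding]) -> List[Finding]:
    """Priority-area findings first, then highest CVSS, then highest confidence."""
    return sorted(findings, key=lambda f: (priority_area(f) is None, -f.cvss, -f.confidence))

# Constructed sample findings (not real scanner output).
SAMPLE = [
    Finding("F-1", 6.5, 0.70, ["routes/upload.py:handler", "utils/path.py:join"], ["path-traversal"]),
    Finding("F-2", 5.3, 0.90, ["api/login.py:post", "auth/session.py:issue"], ["auth-bypass"]),
    Finding("F-3", 9.1, 0.60, ["cli/run.py:main", "subprocess.Popen"], ["command-injection"]),
    Finding("F-4", 3.1, 0.95, ["web/render.py:page"], ["info-disclosure"]),
]

if __name__ == "__main__":
    for f in triage_order(SAMPLE):
        print(f.id, cvss4_rating(f.cvss), priority_area(f) or "-", f.confidence)
```

Note that F-2 (Medium) outranks F-1 (Medium, higher score) because it touches auth, which is the ordering the guide asks for.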
4. Fix and verify

Click Request fix to open a gecko/* pull request with the patch applied, or apply the patch yourself. See Auto-fix PRs. When the fix merges, Gecko rechecks the finding and marks it Fix verified once the vulnerability is gone.

Next steps

Turn on PR checks

Scan every pull request and block merges above a severity threshold.

Route findings to your tools

Jira, Linear, Slack, ClickUp, and Shortcut.

Invite your team

Roles and the permission matrix.

Set up SSO

Okta SAML and SCIM provisioning.