Security Scanner overview
Concepts
Flow
What gets scanned
Next steps

Security Scanner overview

The Security Scanner analyzes your repository for vulnerabilities using AI. Run scans on demand via API or SDK, or integrate into CI. Results include severity, location, and remediation guidance.

Concepts

Concept	Description
Scan	One run over a repo (or path). Triggered by API; runs asynchronously or returns when complete depending on options.
Finding	A single issue: file, line (or range), severity, title, description, and optional fix suggestion.
Severity	e.g. `critical`, `high`, `medium`, `low`, `info`.

Flow

Trigger — POST to the scan endpoint with repo URL (or upload/source ref). Optionally wait for completion or poll.
Results — Fetch scan result by scanId. List findings with severity and location.
CI — Run scans in CI; fail the build on critical/high or on threshold you define.

What gets scanned

Dependencies (known CVEs, outdated packages).
Code patterns (secrets, unsafe patterns, config issues).
Optional: SAST-style checks (configurable per plan).

Next steps

Scan a repo

Trigger a scan via API or SDK and read results.

API reference

REST endpoints for scans and findings.

Memory API reference Scan a repo

⌘I