Getting Started

Quickstart

Connect your first repo and see security findings in your pull requests. Estimated time: 5 minutes.

Prerequisites
  • A GitHub, GitLab, or Bitbucket account with at least one repository
  • A Gritcadence account (request access at gritcadence.com/contact)

1. Install the GitHub App

From your Gritcadence dashboard, click Add Repository and follow the GitHub App installation flow. You'll be redirected to GitHub to authorize the app for your organization or personal account.

Gritcadence requests read access to code and write access to pull request comments only. It does not require push access to your repository.
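
One way to check the permission claim above once the app is installed, as an added example (not Gritcadence's own code): it compares the `permissions` object GitHub reports for an installation with the scope stated here. The mapping to `contents: read` and `pull_requests: write`, the app slug, and the sample JSON are assumptions constructed for illustration.

```python
import json

# Assumption: "read access to code and write access to pull request comments"
# maps to these GitHub App permission keys. "metadata: read" is granted to
# every GitHub App.
EXPECTED = {"contents": "read", "pull_requests": "write", "metadata": "read"}
LEVEL = {"read": 1, "write": 2, "admin": 3}

# Constructed sample shaped like one entry of GET /orgs/{org}/installations.
# The app slug and the over-broad grants are made up for the demonstration.
SAMPLE = json.loads("""
{
  "app_slug": "example-scanner",
  "repository_selection": "selected",
  "permissions": {
    "contents": "write",
    "pull_requests": "write",
    "metadata": "read",
    "administration": "read"
  }
}
""")


def audit_installation(installation, expected=EXPECTED):
    """Return findings where granted access exceeds the expected scope."""
    findings = []
    for name, granted in sorted(installation.get("permissions", {}).items()):
        allowed = expected.get(name)
        if allowed is None:
            findings.append(f"{name}: {granted} granted, not expected at all")
        elif LEVEL.get(granted, 99) > LEVEL[allowed]:
            # Unknown access levels rank as 99 so they are always reported.
            findings.append(f"{name}: {granted} granted, expected {allowed}")
    if installation.get("repository_selection") == "all":
        findings.append("repository_selection: all (app can read every repo)")
    return findings


if __name__ == "__main__":
    for line in audit_installation(SAMPLE):
        print("EXCESS", line)
```

An empty result means the installation holds no more than the stated scope; the same function can be run over each entry returned by the installations endpoint.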

2. Select repositories

After installing the app, select which repositories to enable. You can start with one and add more later from the dashboard. The Starter plan supports up to 3 repos.

3. Optional: add a config file

For default settings, no config file is needed. To customize scan behavior, add .gritcadence.yaml to your repo root:

.gritcadence.yaml

    version: 1
    scan:
      severity_threshold: medium
      exclude_paths:
        - tests/fixtures/**
        - vendor/**

4. Open a pull request

Push a commit and open a pull request. Gritcadence will scan the changed files automatically and post findings as inline PR comments within 30–90 seconds depending on repo size.

terminal
$ git checkout -b feature/add-auth
$ git commit -am "Add user authentication"
$ git push origin feature/add-auth
# → open PR → Gritcadence scan triggers automatically

5. See findings inline

Any findings appear directly in the PR as review comments at the exact line. Each comment includes the rule ID, severity, a short explanation, and a suggested fix when available.

No configuration needed to see your first findings. The default ruleset covers OWASP Top 10 for your detected languages automatically.