Getting Started

Prerequisites

  • A CSGA tenant and active user account.
  • Access to the repository or local project folder you intend to scan.
  • Network access to the CSGA API endpoint provided to your tenant.

Recommended onboarding flow

  1. Confirm access: sign in and verify your tenant context.
  2. Set context: populate the Assets tab (owner, exposure, route patterns) for key services.
  3. Baseline scan: run a first scan on a representative repo or load demo data.
  4. Review results: validate findings with engineering owners.
  5. Set policy: use the Policy tab to set rule packs, promotions, and threat-intel sync.
  6. Operationalize: establish a scanning cadence and remediation SLAs.
  7. Community signals: use feedback and proposal voting to improve shared rule quality.

Quickstart (10 minutes)

  1. Authenticate in the desktop app.
  2. Click Load demo to preview a full verdict without scanning.
  3. Run your first local scan on a small, representative repo.
  4. Review the report, provide feedback, and export results.

Roles and responsibilities

  • Admin: tenant settings, policy bundles, approvals, and user access.
  • Reviewer: validates findings, approves fixes, and manages exceptions.
  • Contributor: runs scans and performs first-pass triage.
  • Voting participant: reviews and votes on rule proposals when enabled.

First scan (desktop)

  1. Sign in to the desktop app.
  2. Select a project folder.
  3. Start a scan and monitor progress.
  4. Review findings and export a report.

Guided first scan tips

  • Pick a repo with known web/API endpoints so the first scan produces a strong signal.
  • Reuse the same project name on subsequent scans so findings are tracked across the project's lifecycle rather than as unrelated one-off results.
  • Use the report filters to focus on critical/high findings first.

Next steps

  • Integrate the CLI into pull-request pipelines.
  • Define escalation paths for critical issues.
  • Establish a recurring review of false positives and policy tuning.
  • Configure threat-intel sync and review proposals in the Policy tab.