Getting started
From sign-up to your first scan and beyond. The in-app setup wizard walks you through the first steps interactively — this is the short version.
Create an account and a project
Sign up and create your first project. A project groups the machines you scan and owns the API key.
Install the agent (one command)
Each project gives you a one-line install command (a wget script). It installs Trivy and runs a full scan of the OS, installed packages and running Docker containers. Only CVE metadata leaves the machine — no files, no configs, no secrets.
See your CVEs
Scan results appear on your dashboard: vulnerabilities by severity, KEV/EPSS priority, EOL status and remediation context.
Triage and act
Mark CVEs as In Progress, Fixed, or Accepted Risk (with a reason, owner and review deadline) straight from the machine view — individually or in bulk. Set notification digests under Settings → Notifications (email, Telegram, webhook or Slack/Teams/Discord) so new findings reach you where you work.
Secure and share access
Turn on two-factor authentication (TOTP) under Settings → Security — and, as Owner/Admin, you can require it for the whole account. Invite your team with roles: Admin, Tech, Finance, or a read-only Auditor for external compliance reviewers who need to see reports but touch nothing.
The in-app setup wizard guides you through account, project and install. Already set up? See API & integrations to connect your own tooling.

