Getting started

From sign-up to your first scan and beyond. The in-app setup wizard walks you through the first steps interactively — this is the short version.

  1. Create an account and a project

    Sign up and create your first project. A project groups the machines you scan and owns the API key.

  2. Install the agent (one command)

    Each project gives you a one-line install command (a wget script). It installs Trivy and runs a full scan of the OS, installed packages and running Docker containers. Only CVE metadata leaves the machine — no files, no configs, no secrets.

  3. See your CVEs

    Scan results appear on your dashboard: vulnerabilities by severity, KEV/EPSS priority, EOL status and remediation context.

  4. Triage and act

    Mark CVEs as In Progress, Fixed, or Accepted Risk (with a reason, owner and review deadline) straight from the machine view — individually or in bulk. Set notification digests under Settings → Notifications (email, Telegram, webhook or Slack/Teams/Discord) so new findings reach you where you work.

  5. Secure and share access

    Turn on two-factor authentication (TOTP) under Settings → Security — and, as Owner/Admin, you can require it for the whole account. Invite your team with roles: Admin, Tech, Finance, or a read-only Auditor for external compliance reviewers who need to see reports but touch nothing.

The in-app setup wizard guides you through account, project and install. Already set up? See API & integrations to connect your own tooling.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS