Skip to content

Source Code Scanning

Source Code Scanning helps you identify security vulnerabilities directly in your source code before they reach production. By connecting your source code repository to Ostorlab, you can scan your projects for common security issues, review actionable findings, and prioritize remediation early in the development lifecycle.

This guide walks you through configuring a source code integration and launching your first scan.


⚙️ Configure a Source Code Integration

Before you can scan a repository, you need to connect your source code provider to Ostorlab.

  1. Open the Ostorlab Dashboard.
  2. Click the Hamburger Menu in the upper-left corner.
  3. Navigate to Integrations. Select Integrations
  4. Select the Source Code category. Select Source Code Category
  5. Choose the source code provider you want to connect (GitHub, GitLab, Bitbucket, Azure DevOps, or Self-Hosted Git).
  6. Follow the provider-specific configuration steps to authorize access to your repositories.

Once the integration is complete, your repositories will be available when creating a Source Code Scan.


🚀 Create a New Source Code Scan

Step 1: Run a New Scan

After configuring your integration:

  1. Open the Ostorlab Dashboard.
  2. Click the Hamburger Menu icon in the sidebar and select Scanning -> New Scan. Run a New Scan
  3. (Optional) Provide a descriptive title for your security audit. Provide Descriptive Title

Step 2: Select the Scan Asset

When creating a new scan:

  1. Select Code Repository as the scan asset. Select Code Repository
  2. Choose the repository you want to scan. Choose Repository
  3. Select the appropriate Target Type.
  4. Click Continue.

Step 3: Configure the AI Provider & Effort

The Source Code Scan is an agentic, AI-driven scan that can run using Ostorlab’s Cybermodels or your custom API key via Bring Your Own Key (BYOK).

  1. Select the AI provider you want to use for the scan, either Cybermodels or via BYOK. Select AI Provider
  2. Or select BYOK as the AI provider. Select BYOK

Step 4: Configure the Effort Level

The Effort level determines how extensively Ostorlab analyzes your repository. Higher effort levels provide broader code coverage and more in-depth analysis, but may increase scan duration and AI token consumption.

  1. Choose the effort level that best fits your repository and security requirements:
    • Core (200 tokens): Performs a fast baseline analysis, making it ideal for quick security checks during development.
    • Advanced (500 tokens): Provides a deeper analysis with broader code coverage to identify a wider range of security issues.
    • Elite (1000 tokens): Performs the most comprehensive analysis, maximizing coverage to detect complex and difficult-to-find vulnerabilities. Configure Effort Level
  2. Click Continue.

Step 5: Select a Scan Profile

Select Repository Scan Profile, then click Submit to start the scan. Select Repository Scan Profile

Step 6: Review the Results

Once the scan is complete, you can review the detected findings in the Ostorlab Dashboard.

Each finding includes its severity, affected files, and remediation guidance to help you prioritize and resolve security issues.

Review Scan Results