Quickstart

Connect your first repository and run your first scan in under 5 minutes.

This guide walks you through connecting a repository, running your first scan, reviewing findings, and merging a fix PR. You'll be up and running with PrismSec in under 5 minutes.

Prerequisites

  • A GitHub, GitLab, or Bitbucket account with admin access to at least one repository
  • A PrismSec account (sign up at prism-sec.com)

Step 1: Connect a Repository

  1. Log in to the PrismSec dashboard
  2. Click Connect Repository
  3. Select your Git provider (GitHub, GitLab, or Bitbucket)
  4. Authorize PrismSec to access your repositories
  5. Choose a repository from the list and click Connect

PrismSec only requests read access to code and write access to PR comments and branches. We never modify your main branch or access sensitive data outside the repository.

Step 2: Trigger Your First Scan

PrismSec automatically scans every new pull request. To trigger your first scan:

  1. Create a new branch in your connected repository:
     git checkout -b test-prismsec
  2. Make a small change (e.g., edit a README or add a comment):
     echo "Testing PrismSec scan" >> README.md
     git add README.md
     git commit -m "Test PrismSec integration"
     git push origin test-prismsec
  3. Open a pull request on GitHub/GitLab/Bitbucket

Within seconds, PrismSec will scan the PR and post a summary comment with any findings.

Step 3: Review Findings

Findings appear as inline comments on the PR, pinned to the exact line of code where the issue was detected.

Each finding includes:

  • Severity — Critical, High, Medium, or Low
  • Category — SAST, Secret, Dependency, or IaC
  • Description — What the issue is and why it matters
  • Recommendation — How to fix it securely

Example finding:

🔴 Critical: Hardcoded API Key Detected

A Stripe API key was found in this file. Exposed secrets can lead to unauthorized access and data breaches.

Recommendation: Revoke and rotate this key in the Stripe dashboard, since a secret that has been committed remains in git history even after it is removed from the file. Then load the key from an environment variable (for example `STRIPE_API_KEY`) and keep any local `.env` file that holds it out of the repository by adding `.env` to .gitignore.

Step 4: Merge an Auto-Fix PR

For many findings, PrismSec automatically opens a fix PR with the secure code changes. To merge a fix:

  1. Navigate to the Pull Requests tab in your repository
  2. Find the PR titled [PrismSec] Fix: Hardcoded Secret in config.py
  3. Review the changes — PrismSec shows a diff with the insecure code removed and a secure alternative
  4. Approve and merge the fix PR

Once merged, PrismSec re-scans the original PR and marks the finding as resolved.
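The following is an added example, not PrismSec's own code or the contents of an actual fix PR. It shows the shape of change that the "Hardcoded Secret in config.py" fix above and the earlier finding describe: the flagged literal next to a hardened loader that reads the key from the environment and fails closed when it is absent, plus a small regex check of the kind a pre-commit hook could run. The module name config.py, the environment variable name STRIPE_API_KEY, and the key pattern (Stripe's `sk_live_`/`sk_test_` prefixes) are assumptions; the key value is constructed, not real.

```python
"""Hardcoded secret vs. environment-sourced secret (added example).

Assumptions (not from the PrismSec page): the insecure file is a Python
module named config.py, the secret is a Stripe secret key, and the
hardened version reads STRIPE_API_KEY from the process environment.
"""
import os
import re

# --- Before: the kind of line a hardcoded-secret finding flags --------
# A Stripe-style secret committed as a literal. The value is constructed
# for this example (the "sk_test_" prefix padded with X), not a real key.
INSECURE_CONFIG_PY = 'STRIPE_API_KEY = "sk_test_' + "X" * 24 + '"\n'

# --- After: what config.py looks like once the fix is merged ----------
HARDENED_CONFIG_PY = 'import os\nSTRIPE_API_KEY = os.environ["STRIPE_API_KEY"]\n'


class MissingSecret(RuntimeError):
    """Raised when a required secret is absent from the environment."""


def load_stripe_key(env=os.environ):
    """Read the Stripe key from the environment; fail closed if unset.

    Taking `env` as a parameter keeps the function testable without
    mutating the real process environment. An empty or whitespace-only
    value is treated as missing rather than silently passed to Stripe.
    """
    key = env.get("STRIPE_API_KEY", "").strip()
    if not key:
        raise MissingSecret("STRIPE_API_KEY is not set")
    return key


# --- A minimal literal-secret check, e.g. for a pre-commit hook -------
# Illustrative pattern only: Stripe secret keys start with sk_live_ or
# sk_test_ followed by a long alphanumeric body. It is not PrismSec's rule.
STRIPE_KEY_RE = re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{24,}\b")


def find_stripe_keys(source: str):
    """Return (line_number, matched_text) pairs for Stripe-style literals."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in STRIPE_KEY_RE.finditer(line):
            hits.append((lineno, m.group(0)))
    return hits


if __name__ == "__main__":
    print("insecure config:", find_stripe_keys(INSECURE_CONFIG_PY))
    print("hardened config:", find_stripe_keys(HARDENED_CONFIG_PY))
    try:
        load_stripe_key(env={})
    except MissingSecret as exc:
        print("fail-closed:", exc)
```

Note that removing the literal from config.py does not remove it from git history; the exposed key still has to be revoked and reissued, and the new value supplied through the environment (or a `.env` file that is listed in .gitignore) rather than committed.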

Step 5: Configure Scan Settings (Optional)

By default, PrismSec scans all files in your repository. To customize:

  1. Go to the PrismSec dashboard
  2. Select your repository
  3. Click Settings → Scan Configuration
  4. Adjust:
    • Scan scope — Include/exclude specific paths or file types
    • Severity threshold — Only report Critical and High findings
    • Auto-fix behavior — Enable/disable automatic fix PRs

See Configuring Scans for full details.

Next Steps

Need help? Contact us at hello@prism-sec.com.