Onboarding Walkthrough

When a new organization is created, the onboarding flow guides admins through five steps to go from zero to a running scan. Progress is saved per-org so you can leave and resume.

The five steps

1. Welcome. A short overview of what Vygl does and what you’ll set up. Skip if you already know.

2. Pick a code provider. Choose how you want to scan: GitHub, GitLab, Bitbucket, or local CLI only. Selecting a provider kicks off the OAuth install flow; if it fails, you loop back to this step.

3. Set up CI/CD. If you don’t already have a scan:write API key, Vygl creates one for you and shows ready-to-paste pipeline snippets for GitHub Actions, GitLab CI, Bitbucket Pipelines, and Jenkins.

4. Connect repositories. Vygl shows the repositories the integration discovered. Tick the ones you want scanned; each becomes a Vygl project automatically.

5. Completion checklist. A short list of follow-up actions — first scan triggered, findings reviewed, team invited. Tick them as you go.

Skipping and resuming

You can skip any step and come back later. Progress is saved per-org in your organization’s settings, so the next time you sign in, the flow resumes where you left off.

To revisit completed steps, navigate directly to Settings — every onboarding step has a permanent home in the settings UI:

• Connections — manage SCM integrations (step 2)
• API Keys — manage CI keys (step 3)
• Connections → repository list — manage scanned repos (step 4)

Container registries aren't part of onboarding

Onboarding covers source-code scanning. To scan container images, navigate to Settings → Registries separately. See Connecting Registries.

Permissions

All onboarding actions respect RBAC — only owners and admins can install integrations or create API keys. Members and viewers can complete the welcome step but will be blocked from setup actions.

API keys created during onboarding are scoped to scan:write only — narrow enough to use safely in CI without granting admin powers.