Skip to content

Onboarding Walkthrough

When a new organization is created, the onboarding flow guides admins through four steps to go from zero to a running scan. Progress is saved in your browser so you can refresh the page and pick up where you left off.

  1. Welcome. A short overview of what Vygl does and what you’ll set up.

  2. Choose how to scan. Either install a managed integration (GitHub, GitLab, Bitbucket) and let Vygl run scans for you, or take the CLI/CI route and drive scans from your own pipeline. Step 2 has these two branches; both lead to step 3.

  3. Connect repositories (managed branch) or pull the scanner (CLI branch). Managed: pick the repos to scan from the discovered list — each becomes a Vygl project. CLI: docker pull vygl/vygl-cli:latest, mint an API key in Settings → API Keys, and run a one-line docker run vygl/vygl-cli scan snippet.

  4. You’re all set. A summary of your provider, repository count, and the scan engines that will run. Click Go to dashboard to start triaging.

You can skip any step and come back later. Step state is kept in browser storage, so the flow resumes on the same device but restarts on a new one. To revisit completed steps, every onboarding action also has a permanent home in Settings:

  • Connections — manage SCM integrations and the per-connection repository list (steps 2 and 3, managed branch).
  • API Keys — manage CI keys (step 3, CLI branch).

API key creation requires the admin or owner role. SCM integration installs are gated on provider-side permissions — installing a GitHub App on an org needs GitHub-side admin rights regardless of your Vygl role. Members can walk through the wizard but won’t be able to complete admin-only setup steps.

API keys created from the wizard ship with the platform’s default scope set (read, write, scan:read, scan:write, triage:write, memory:write). Today there’s no UI to narrow this — for least-privilege CI keys, mint via the API and pass the scopes array.