Onboarding Checklist

Use this checklist for the first SecureObs run with a real team.

Before You Start

  • You have admin access to the GitHub or Azure DevOps repository you want to scan.
  • You can edit the CI workflow file in that repository.
  • Docker works on the CI runner.
  • Your team has read the known limitations.

In SecureObs

  • Create a tenant. First sign-in creates one automatically and sets you as Owner.
  • Invite teammates from Settings -> Members -> Invite.
  • Create a project from Projects -> New.
  • Enable scanners in the project's Settings -> Scanners panel.
  • Set the build gate policy in Settings -> Build gate.
  • Create a project-scoped API key from API Keys -> New.

Bundled scanners today:

  Scanner            Category
  -----------------  ------------------
  Semgrep            SAST
  Gitleaks           Secrets
  Trivy              SCA and container
  Bandit             Python SAST
  ESLint security    JavaScript SAST
  OSV-Scanner        SCA
  Checkov            IaC

In CI

  • Add SECUREOBS_API_KEY as a secret.
  • Add SECUREOBS_TENANT_ID and SECUREOBS_PROJECT_ID.
  • Add the CI snippet for your platform:
      • GitHub Actions
      • Azure DevOps
  • Push a commit and watch the pipeline.
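A minimal GitHub Actions workflow covering the steps above, added here as an illustration and not the snippet SecureObs provides. It assumes the API key is a repository secret, the tenant and project IDs are repository variables, and that the scanner image name and its arguments (placeholders below) are taken from the platform snippet.

```yaml
# Added example, not the SecureObs-provided snippet. The image name and its
# arguments are placeholders (assumption); copy the real ones from the
# GitHub Actions snippet in SecureObs.
name: secureobs-scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read   # the scan only needs to read the repository

jobs:
  scan:
    runs-on: ubuntu-latest   # Docker is available on this runner
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so secret scanning also covers past commits

      # Fail fast if any of the three values is missing, before pulling the image.
      - name: Check SecureObs configuration
        env:
          SECUREOBS_API_KEY: ${{ secrets.SECUREOBS_API_KEY }}
          SECUREOBS_TENANT_ID: ${{ vars.SECUREOBS_TENANT_ID }}     # assumption: stored as a variable
          SECUREOBS_PROJECT_ID: ${{ vars.SECUREOBS_PROJECT_ID }}   # assumption: stored as a variable
        run: |
          for v in SECUREOBS_API_KEY SECUREOBS_TENANT_ID SECUREOBS_PROJECT_ID; do
            if [ -z "${!v}" ]; then echo "::error::$v is not set"; exit 1; fi
          done

      # The key is handed to the container as an environment variable, not as a
      # command-line argument, so it does not appear in the process list or job log.
      - name: Run SecureObs scanners
        env:
          SECUREOBS_API_KEY: ${{ secrets.SECUREOBS_API_KEY }}
          SECUREOBS_TENANT_ID: ${{ vars.SECUREOBS_TENANT_ID }}
          SECUREOBS_PROJECT_ID: ${{ vars.SECUREOBS_PROJECT_ID }}
        run: |
          docker run --rm \
            -e SECUREOBS_API_KEY -e SECUREOBS_TENANT_ID -e SECUREOBS_PROJECT_ID \
            -v "$PWD:/src" -w /src \
            PLACEHOLDER_SECUREOBS_IMAGE   # assumption: image and args from your CI snippet
```

A non-zero exit from the scanner step fails the job, which is what the build gate policy relies on to block a PR.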

After The First Scan

  • Open the project Findings tab and confirm rows appear.
  • Confirm the pipeline_run_id matches the CI run.
  • Suppress one test finding with a reason and confirm the suppression audit log records it.
  • Tune the build gate policy until it matches how your team wants PRs to fail.
  • Revoke any API keys used only for testing.