Step 1 — Connect a Git provider

Settings → Integrations — showing the Git provider integration card with the Connect button.

  1. Go to Settings → Integrations.
  2. Find your Git provider (GitHub or GitLab) and click Connect.
  3. Follow the OAuth authorization flow to grant Topscan read access to your repositories.

Topscan only needs read access to your code. It does not write to your repositories.

Step 2 — Select repositories

  1. Go to Repositories in the left navigation.
  2. Click Manage Repos.
  3. Select the repositories you want to monitor from the list of repositories available in your connected Git provider.
  4. Save.

Selected repositories appear in the Repositories list and will be scanned automatically.

What gets scanned

For each connected repository, Topscan scans the default branch (shown in the Branch column). The scan analyzes:

  • Source code for insecure patterns
  • Configuration files and infrastructure-as-code
  • Package dependency files (e.g. package.json, go.mod, requirements.txt) for known vulnerable packages
  • All files for hard-coded secrets and credentials

The Repositories list

After connecting, the Repositories page shows each monitored repo with:

ColumnWhat it shows
NameRepository path (e.g. org/repo-name)
BranchThe branch being scanned
LanguagePrimary languages detected
IssuesOpen SAST findings by severity
Last scanWhen the most recent SAST scan completed

What's next