Getting started

Five minutes from zero to your first security verdict.

1. Try it without an account

The fastest path: go to shadowops.in and paste any public GitHub URL in the hero input. Hit Scan it — no signup required.

You'll land on the scan page and watch it work in real time: cloning, running rules, detecting patterns, building the report. A typical repo finishes in under 30 seconds.

2. Create an account

To save scan history and connect private repositories, create a free account. You can sign up with email and password, or via GitHub, Google, or another OAuth provider.

Once you're in, you'll see the Projects dashboard. Any scan you ran before signing up will be waiting there.

3. Connect a repo or upload files

Three ways to get code into ShadowOps:

  • Paste a URL — Works for any public GitHub, GitLab, or Bitbucket repo. No connection needed.
  • Connect via OAuth — Authorize ShadowOps read-only access to your account. Unlocks private repos.
  • Upload files — Drag-and-drop a zip of your project. Useful when you can't share a URL.

4. Run a scan

Inside a project, click Scan in the sidebar and hit Run scan. You'll watch the progress in real time:

  • ✓ Cloning repository
  • ✓ Running regex scanner
  • ✓ Detecting patterns
  • ✓ Scoring findings
  • ✓ Building report

5. Read your results

When the scan finishes you'll see your verdict.

Colour   Score    Meaning
Green    80–100   No significant issues found
Yellow   40–79    Some issues worth reviewing
Red      0–39     Critical or high-severity issues — not safe to ship

At the bottom of every report you'll see What we checked and What we didn't. “No findings” means we didn't detect anything in the areas we checked — not that you're fully safe. See coverage →

6. Fix something and re-scan

Each finding tells you the exact file and line, what the problem is in plain English, and exactly what to do about it — not just “sanitize your inputs.”

Make the fix, commit it, and run a new scan. Over time your score should move from red toward green. View all past scans in History to track your progress.

7. Label findings (optional)

After reviewing a finding you can mark it Real issue or Not a problem. Labels help ShadowOps learn which rules produce false positives in real code.

What gets stored: a short encrypted code snippet, file extension, rule, category, severity, and your label. Nothing that identifies you or your repo. How to opt out →