Debadrita Banik

Connect your GitHub repo to get started!!

Hey PH fam! 👋

We got some questions about connecting your repository to start identifying risks in your dependencies, so here's a super easy guide with screenshots to get you up and running with Trace-AI!

What is Trace-AI?

Trace-AI scans your code repositories to generate SBOMs (Software Bills of Materials) and highlights risks in your dependencies. The best part? Connecting your first repository takes just a few minutes!

1. Connect Your Repository

Follow the setup process to link your GitHub repository to Trace-AI. The integration will automatically set up the necessary workflows.

2. Monitor the GitHub Action

  • Navigate to your GitHub repository

  • Go to Repositories > Actions tab

  • Check if the action is running

  • If the action hasn't completed, wait a few minutes and refresh the page

3. View Your Results

Once the scan completes:

4. Explore Your Dashboard

Your dashboard will display:

  • Vulnerability severity levels

  • SBOM details

  • Dependencies overview

  • Latest SBOM (with download option)

  • Immediate alerts for critical issues

If your GitHub action fails to complete, don't worry! Contact our support team at support@zerberus.ai and we'll help you get sorted. In case you’d prefer a Discord chat, you can ping us here

Drop your questions below and I'll be happy to help! Let's make your dependencies secure together! 

Replies

EricLens

This instantly caught my attention. So many dev tools overcomplicate the first step, but starting right from a GitHub repo makes total sense. I’m curious how it handles private repos or team collaboration features. Looks promising.

Frank Elda
Sounds interesting! Does it work with private repos?
Ramkumar

@frank_elda @eric_lens Yes, it works with private repositories.

Once you authorise the GitHub app, you can simply choose which repositories to bring "in scope" and specify the branches you want to monitor.

If by collaboration you mean an external team (outside collaborators, as per GitHub), then yes, as the repo admin, you have full control over who can access the scan results.

We’re also open to adding a dedicated GitHub authorisation option if there’s enough demand from users who want external contributors (outside the primary domain) to view results.

Frank Elda

@eric_lens @nocturnalknight Sounds great, thanks for the answer! I like the granularity you implemented.

Sanskar Yadav

Great work. Connecting straight to GitHub feels obvious, but so many tools get it wrong. Curious to see if you’ll expand to other platforms (like GitLab or Bitbucket) next.