Connect your GitHub repo to get started!!


Hey PH fam! 👋

We got some questions about connecting your repository to start identifying risks in your dependencies, so here's a super easy guide with screenshots to get you up and running with Trace-AI!

What is Trace-AI?

Trace-AI scans your code repositories to generate SBOMs (Software Bills of Materials) and highlights risks in your dependencies. The best part? Connecting your first repository takes just a few minutes!

1. Connect Your Repository

Follow the   to link your GitHub repository to Trace-AI. The integration will automatically set up the necessary workflows.

2. Monitor the GitHub Action

  • Navigate to your GitHub repository

  • Go to Repositories > Actions tab

  • Check if the action is running

  • If the action hasn't completed, wait a few minutes and refresh the page

3. View Your Results

Once the scan completes:

4. Explore Your Dashboard

Your dashboard will display:

  • Vulnerability severity levels

  • SBOM details

  • Dependencies overview

  • Latest SBOM (with download option)

  • Immediate alerts for critical issues

If your GitHub Action fails to complete, don't worry! Contact our support team at and we'll help you get sorted. In case you’d prefer a Discord chat, you can ping us  

Drop your questions below and I'll be happy to help! Let's make your dependencies secure together! 


Replies

Sounds interesting! Does it work with private repos?

  Yes, it works with private repositories.

Once you authorise the GitHub app, you can simply choose which repositories to bring "in scope" and specify the branches you want to monitor.

If by collaboration you mean an external team (outside collaborators, as per GitHub), then yes, as the repo admin, you have full control over who can access the scan results.

We’re also open to adding a dedicated GitHub authorisation option if there’s enough demand from users who want external contributors (outside the primary domain) to view results.

   Sounds great, thanks for the answer! I like the granularity you implemented.

Great work. Connecting straight to GitHub feels obvious, but so many tools get it wrong. Curious to see if you’ll expand to other platforms (like GitLab or Bitbucket) next.