Skip to content

Quick start

This guide walks you through your first scan upload.

Register and log in

Open https://servasec.local and create your account or login as admin (password in dotenv file; or randomly generated if equal null).

Create group

  1. Go to Groups and click New group
  2. Enter a name (e.g. default)

Create an application

  1. Go to Applications and click New Application
  2. Enter a name (e.g. app1)
  3. Create an Application Version if needed

Run a scanner

Run a scanner and save its output:

semgrep --config=auto --output=semgrep-results.json
trivy fs --format=json --output=trivy-results.json .
gitleaks detect --report-format=json --report-path=gitleaks-results.json

Upload results

Option A - Web UI: Go to your application detail page and upload the file.

Option B - API:

curl -X POST https://servasec.local/api/ingest \
  -H "X-Api-Token: $APP_API_TOKEN" \
  -F "[email protected]"

View findings

Go to the Findings page to see the parsed vulnerabilities. Each finding shows: - Severity (Critical, High, Medium, Low, Info) - Scanner source - File location and line number - Description and remediation

Next steps