Quick start
This guide walks you through your first scan upload.
Register and log in
Open https://servasec.local and create your account, or log in as admin (the password is set in the dotenv file, or randomly generated if it is null).
Create group
- Go to Groups and click New group
- Enter a name (e.g. default)
Create an application
- Go to Applications and click New Application
- Enter a name (e.g. app1)
- Create an Application Version if needed
Run a scanner
Run a scanner and save its output:
semgrep --config=auto --json --output=semgrep-results.json
trivy fs --format=json --output=trivy-results.json .
gitleaks detect --report-format=json --report-path=gitleaks-results.json
Upload results
Option A - Web UI: Go to your application detail page and upload the file.
Option B - API:
curl -X POST https://servasec.local/api/ingest \
-H "X-Api-Token: $APP_API_TOKEN" \
-F "[email protected]"
View findings
Go to the Findings page to see the parsed vulnerabilities. Each finding shows:
- Severity (Critical, High, Medium, Low, Info)
- Scanner source
- File location and line number
- Description and remediation
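To check a result file locally before uploading it, the following added example (not ServaSec's own parser) flattens the JSON reports of the three scanners above into the fields listed here and counts them per scanner and severity. The severity mapping, the function names and the sample reports are assumptions made for the illustration.

```python
import json
from collections import Counter

# Assumed severity mapping; ServaSec's own parser may map these differently.
SEMGREP_LEVELS = {"ERROR": "High", "WARNING": "Medium", "INFO": "Info"}

def normalize(report):
    """Flatten one parsed scanner report into dicts with the fields listed above."""
    if report is None or isinstance(report, list):        # gitleaks: array of leaks
        return [{"scanner": "gitleaks",
                 "severity": "High",                       # assumed: report has no severity
                 "file": leak.get("File"), "line": leak.get("StartLine"),
                 "description": leak.get("Description")} for leak in report or []]
    if "SchemaVersion" in report or "Results" in report:  # trivy
        return [{"scanner": "trivy",
                 "severity": vuln.get("Severity", "UNKNOWN").capitalize(),
                 "file": target.get("Target"), "line": None,
                 "description": vuln.get("Title") or vuln.get("VulnerabilityID")}
                for target in report.get("Results") or []
                for vuln in target.get("Vulnerabilities") or []]
    if "results" in report:                               # semgrep
        return [{"scanner": "semgrep",
                 "severity": SEMGREP_LEVELS.get(r.get("extra", {}).get("severity"), "Info"),
                 "file": r.get("path"), "line": r.get("start", {}).get("line"),
                 "description": r.get("extra", {}).get("message")}
                for r in report["results"]]
    raise ValueError("not a semgrep, trivy or gitleaks JSON report")

def summarize(raw_reports):
    """Count findings per (scanner, severity) across raw JSON strings."""
    counts = Counter()
    for raw in raw_reports:
        for finding in normalize(json.loads(raw)):
            counts[(finding["scanner"], finding["severity"])] += 1
    return counts

# Constructed sample reports, trimmed to the keys read above.
SEMGREP = ('{"results": [{"check_id": "example.rule", "path": "app.py",'
           ' "start": {"line": 12}, "extra": {"severity": "ERROR",'
           ' "message": "constructed finding"}}], "errors": []}')
TRIVY = ('{"SchemaVersion": 2, "Results": [{"Target": "requirements.txt",'
         ' "Vulnerabilities": [{"VulnerabilityID": "EXAMPLE-0001", "Severity": "CRITICAL"},'
         ' {"VulnerabilityID": "EXAMPLE-0002", "Severity": "LOW", "Title": "constructed"}]},'
         ' {"Target": "package-lock.json"}]}')
GITLEAKS = ('[{"RuleID": "example-rule", "Description": "constructed leak",'
            ' "File": "config.env", "StartLine": 3}]')

if __name__ == "__main__":
    for key, count in sorted(summarize([SEMGREP, TRIVY, GITLEAKS]).items()):
        print(key, count)
```

A file that is not valid JSON makes `json.loads` raise `json.JSONDecodeError`, a `ValueError` subclass, so a scanner run that wrote text output is caught before the upload.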
Next steps
- Configure environment variables
- Set up Teams and permissions
- Automate with Policies and webhooks