Interactive guides
Step-by-step walkthroughs for every way to run an XploitScan scan. Written so a non-technical founder can follow along without a security background.
Scan from the browser
2 min · Indie hackers, founders, anyone without a CLI
Drag a folder, paste code, or scan a public GitHub URL. Best for first scans and quick sanity checks.
Open guide →
Scan from the terminal
3 min · Developers, anyone working in a terminal already
Install the CLI with one command, scan a project locally, and read the results. No code uploaded.
Open guide →
Install the GitHub App
2 min · Anyone on GitHub - fastest path to PR scanning
Install once, get automatic PR scans + inline review comments. No workflow file, no API key.
Open guide →
Add the GitHub Action
5 min · Teams with CI/CD pipelines
Run a security scan on every PR, post a Critical/High/Medium/Low table comment, and upload SARIF.
Open guide →
Add XploitScan to GitLab CI
4 min · GitLab users
Drop a single job into .gitlab-ci.yml. Fails pipelines on critical findings, uploads the report as an artifact.
Open guide →
Add XploitScan to Bitbucket Pipelines
4 min · Bitbucket users
One step in bitbucket-pipelines.yml scans every PR. Works on the free tier.
Open guide →
Call the API directly
4 min · Custom integrations and build tooling
POST a JSON payload to the public scan endpoint from any CI system, custom tool, or build script.
Open guide →
Install XploitScan rules in Cursor
3 min · Anyone coding in Cursor IDE
Teach Cursor to refuse the most common AI security mistakes at write-time instead of catching them after.
Open guide →
Not sure which one is right for you? If you're new, start with the browser guide.
Start with the browser scanner →