Skip to content

Establish Your First Connection

This comprehensive tutorial is designed to guide you through integrating your source code management and other pivotal workflows, laying the foundation for a robust security infrastructure on BoostSecurity.

What You'll Accomplish

By the end of this tutorial, you will have:

  • Successfully navigated the onboarding process.
  • Connected your source code management system.
  • Implemented dependabot and CI/CD pipeline configuration.
  • Harnessed security findings aligned with your organization's security checks for CI/CD and Dependabot.

1. Accept Terms and Login

The first point of entry to BoostSecurity is accepting the terms of service and logging into the dashboard. Your organization would be provisioned as a tenant on BoostSecurity with your account details and other information sent to you. Accept the terms of service at the bottom of the page, and you will be redirected to the BoostSecurity login page.

Accept Invitation email

Accept Terms of Service

On the login page, enter your Organization Name to continue and select an account to continue with. You can use the Oauth mechanisms of Google, GitLab, GitHub, BitBucket, and Microsoft to log in.

Enter Organization Name


2. Welcome to your Dashboard

Upon a successful login, you will be redirected to your dashboard page, which will have no data.

Dashboard page

3. Connect Your SCM and Retrieve Data

BoostSecurity supports integration with several Source Code Management tools which include GitHub, GitLab, BitBucket, and Azure DevOps.


Before proceeding to Step 4, it is crucial to complete all necessary steps within the linked page corresponding to your Source Control Management (SCM) system. Ensure you've thoroughly followed the instructions tailored to your SCM to avoid any disruptions or errors in the process.

4. Enable Default Scanner Protection

After successfully connecting to your Source Code Management tools, it is recommended to enable the CI/CD scanner for all SCMs on the scanner coverage page.

To do this:

  1. Navigate to the Scanner Coverage page and for all your SCMs, you'll see a column called Default Scanner Protection.

    Enable CI/CD Scanner

  2. Click on the column and select the toggle to Enable the CI/CD scanner for new organizations and repositories.

    Enable CI/CD Scanner

Furthermore, you have the option to enable the Dependabot scanner for GitHub by toggling Enable the Dependabot scanner for new repositories.

GitHub CI/CD

5. View Your Scans

The scanners configured on your GitHub organization via the security checks for CI/CD and Dependabot would already have some scan results. Go to the Scans page to check them out.

View Scans

6. Check out the Findings

Once BoostSecurity starts to receive data feeds, you can explore the results in the Findings page.


You can filter and drill down through the findings using the filters, allowing you to focus on findings from one or more project(s) (e.g., GitHub and GitLab repositories) or that were triggered by a specific scanner rule.

For each finding in this page, you can see:

  • The rule that detected the Findings.
  • The file path.
  • Source code lines where it was found.
  • A description and link to the documentation explaining why this is an issue, how to address it, and more.

Great job! Your organization has been successfully onboarded on BoostSecurity. You have connected your SCM and activated Dependabot and CI/CD pipelines, which enable scans. You can now see your security findings.


If you see no findings, don’t worry, it simply means the default policy didn’t find any significant problems with your repo configuration, but we will look more deeply at your areas of potential risk in the next tutorial, Enable ZTP.

Next Steps

Proceed to enable Zero Touch Provisioning, which allows for deeper scanning and insights.