Documentation

CyBox Security documentation – learn how to get started, connect your assets, and run scans to secure your code, dependencies, and apps.

Welcome to the documentation of CyBox Security.
This guide will help you set up your account, connect repositories or websites, and start scanning with our security tools.


1.1 Getting Started – Overview

CyBox is a unified security platform that scans your:

  • Source code for insecure patterns (SAST)
  • Dependencies for known vulnerabilities (SCA)
  • Secrets such as API keys and tokens
  • Infrastructure-as-Code for misconfigurations (IaC)
  • Live apps for exploitable flaws (DAST)

You can connect either:

  • A GitHub repository (public or private), or
  • A website URL for runtime scanning

All findings are presented in a single dashboard, prioritized by severity, with actionable recommendations.


1.2 Connecting a Repository

  1. Go to Assets in your CyBox dashboard
  2. Click Connect GitHub
  3. Authorize access to your repository
  4. Select the repos you want to scan
  5. CyBox will automatically clone, analyze, and show results

👉 Note: Currently GitHub is fully supported. GitLab and Bitbucket are on the roadmap.


1.3 Scanning a Website

  1. Go to Assets
  2. Click Add Website
  3. Enter your target URL (e.g. https://example.com)
  4. CyBox will run a dynamic analysis to detect runtime vulnerabilities

1.4 Viewing Results

After a scan completes, results are shown in the Results dashboard:

  • Issues grouped by severity (Critical, High, Medium, Low)
  • Each finding includes a description, file/line (if applicable), and a recommended fix
  • Some findings support auto-fix with one click

1.5 Supported Scanners

  • SAST – Semgrep
  • SCA – Trivy + OSV-Scanner
  • Secrets – Gitleaks
  • License – license-checker, pip-licenses, go-licenses
  • Malware & Package Audit – npm audit and equivalents
  • IaC Security – tfsec, Checkov, Terrascan, KICS
  • DAST – Browserless-powered runtime scans

Work in Progress

We're still expanding the documentation. Upcoming sections will include:

  • Detailed guides for each scanner
  • CI/CD integration
  • Exporting reports
  • Security trends and analytics

This page is not yet complete; check back soon for more.
