Infiniview docs

Launch scans, connect GitHub, configure scanners, review forensic findings, and export proof.

What is Infiniview

Infiniview is a security review platform that takes a repository, builds and runs it in a sandbox, and combines static analysis, dependency audits, secret detection, IaC scanning, and runtime agents into one stream of evidence. Each review can accumulate multiple scan runs; each run persists severity, fingerprints, locations, replay artifacts, delta state, and suppression memory so you can decide what to fix without re-deriving context.

You operate the product through the dashboard or directly from GitHub pull requests. Settings can live in the dashboard, the repo’s .infiniview.yml, or both — repo config wins for overlapping fields, and every scan run freezes the merged settings into a snapshot so changing settings mid-run never affects the active run.

Note
These docs cover scan triggers, GitHub automation, scanner and agent configuration, findings, evidence, exports, and the API contract. Infiniview is currently in public beta.

What Infiniview ships

Five capabilities make up a scan. Every run can use all five — coverage on any one is reported back so you can read trust at a glance.

  • Code review — reviews changed code for correctness, maintainability, and security-sensitive logic.
  • Security analysis — combines static analysis, dependency audits, secret detection, and configuration review across 25 scanners.
  • Runtime verification — confirms high-confidence findings against the running application when a safe test target is available.
  • Browser interaction testing — exercises reachable user flows and records evidence for broken or risky behavior.
  • Evidence packages — collects reproducible context, affected locations, and remediation guidance for confirmed issues.

On pull requests, scans post a check whose critical and high severity findings block merge. Medium, low, and info are reported but non-blocking.

How the docs are organized

  • Get started walks first-time operators from sign-in to a proof bundle.
  • Operate covers the scan lifecycle, GitHub automation rules, and the configuration model.
  • Tooling lists the available scanners and runtime agents.
  • Findings & proof explains evidence shape, trust scoring, readiness, and exports.
  • Reference contains the dashboard API contract and the operator FAQ.

Product surfaces

The dashboard is split into a small number of named surfaces. Most operator tasks happen in one of these — the rest of the docs assume you’ve seen them.

Reviews

Default dashboard view for recent reviews, selected review detail, story insights, readiness, and reruns.

Findings

Backlog across reviews with severity, source, exploitability, delta, category, suppression, and search filters.

Security

Scanner, runtime-agent, threshold, exclude-list, timeout, max-plan, and evidence-detail configuration.

Settings

GitHub auto-review repos, own-PR filtering, push debounce, encrypted repo secrets, and completion emails.

Scan history

Run timeline with phase durations, scanner coverage, compare counts, trust score, gaps, and recommendations.

Command palette

Cmd+K navigation across reviews, findings, settings, security configuration, scan history, and finding detail.

What to read next

  • Quickstart if you haven’t connected GitHub or run your first scan yet.
  • Scan workflow for the trigger-to-proof lifecycle and what the snapshot freezes.
  • GitHub automation for PR triggers, debounce, and trusted bot commands.
  • API reference if you’re scripting around the dashboard.