Quickstart

Five steps from sign-in to your first proof bundle. None of these require code changes — they just connect Infiniview to a repository and read its findings.

Before you start

You need a GitHub account and admin or push permission on at least one repository you want Infiniview to review. Public and private repositories both work. Draft pull requests are skipped automatically until they’re marked ready for review.

Note
Trusted commands (@infiniview review, @infiniview ignore, @infiniview help) require owner, member, collaborator, or write-or-better permission on the repo. Comments from other roles are ignored.

1. Sign in to the dashboard

Open app.infiniview.dev and sign in. The dashboard lands on Reviews, which is empty until your first scan completes.

2. Connect GitHub

Connecting GitHub lets Infiniview list the repositories available for manual scans and lets the GitHub App attribute installations to your account. The handshake is read-only at this stage.

GET /api/github/connect      # start OAuth
GET /api/github/callback     # OAuth callback (handled by Infiniview)
GET /api/github/disconnect   # remove the connection

3. Install the Infiniview GitHub App

Install the app on the repositories you want auto-reviewed. Auto-review can be scoped to specific repos in Configuration; leaving the repo list empty lets the installation run with default settings against any installed repository.

4. Run your first scan

You have three ways to launch a scan:

  1. Dashboard: from Reviews, choose a repo and branch and start a manual scan.
  2. Pull request: open a PR (or move it from draft to ready). The auto-review rules in Configuration decide whether Infiniview runs.
  3. Comment: post @infiniview review on a PR you’re trusted on to start a manual PR scan.
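
The trusted-command rule from the note under Before you start, applied to the comment trigger above, as an added example that is not Infiniview's own code. It assumes the role is read from the author_association field of GitHub's issue_comment webhook payload; evaluate_comment, sample, and the permission parameter are hypothetical names.

```python
import re

# Command names come from the page; matching them at the start of a line is an assumption.
COMMAND_RE = re.compile(r"^[ \t]*@infiniview[ \t]+(review|ignore|help)\b", re.I | re.M)
TRUSTED_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}  # GitHub author_association values
WRITE_OR_BETTER = {"write", "maintain", "admin"}  # GitHub repository permission levels


def evaluate_comment(payload, permission=None):
    """Return (command, reason); command is None when the comment is ignored.

    payload: body of a GitHub issue_comment webhook event.
    permission: commenter's repository permission when the caller has looked
    it up separately (hypothetical parameter), otherwise None.
    """
    if "pull_request" not in payload.get("issue", {}):
        return None, "not a pull request comment"
    comment = payload.get("comment", {})
    match = COMMAND_RE.search(comment.get("body") or "")
    if match is None:
        return None, "no command at the start of a line"
    # Trust comes from fields GitHub sets, never from anything in the comment text.
    association = comment.get("author_association", "NONE")
    if association in TRUSTED_ASSOCIATIONS or permission in WRITE_OR_BETTER:
        return match.group(1).lower(), "trusted: " + association
    return None, "ignored: " + association


def sample(body, association, on_pr=True):
    """Build a constructed, minimal issue_comment payload for the demo."""
    issue = {"number": 7}
    if on_pr:
        issue["pull_request"] = {"url": "https://api.github.com/repos/example/demo/pulls/7"}
    return {"action": "created", "issue": issue,
            "comment": {"body": body, "author_association": association}}


if __name__ == "__main__":
    cases = [
        (sample("@infiniview review", "OWNER"), None),
        (sample("@infiniview review", "NONE"), None),
        (sample("@infiniview ignore", "CONTRIBUTOR"), "write"),
        (sample("> @infiniview review\nquoting only", "MEMBER"), None),
        (sample("@infiniview help", "COLLABORATOR", on_pr=False), None),
    ]
    for payload, permission in cases:
        print(payload["comment"]["body"].splitlines()[0], "->", evaluate_comment(payload, permission))
```

A command quoted in a reply (a line starting with >) does not match, so quoting a trusted user's comment cannot retrigger a scan under this parsing rule.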

5. Decide from findings

When the scan completes, the run detail view shows the timeline, scanner coverage, story insights, and rerun availability. Use these views together:

  • Findings — backlog of issues with severity, source, exploitability, delta, and suppression filters.
  • Compare — answers what changed against the prior scan: new, regressed, fixed, recurring, suppressed.
  • Trust — explains run quality: verification mix, skipped scanners, replay readiness, coverage gaps.
  • Readiness — flags rerun blockers: GitHub access, missing env-var signals, replay prerequisites.

Done
At this point you have a scan, a backlog, and a proof bundle endpoint per finding. Anything else is tuning.

Where to go next

  • Configuration — tune scanners, severity threshold, exclusions, and runtime agents.
  • GitHub automation — limit auto-review scope, debounce pushes, control who can trigger.
  • Findings & evidence — what each finding carries and how suppressions work.