Quickstart
Five steps from sign-in to your first proof bundle. None of these require code changes — they just connect Infiniview to a repository and read its findings.
Before you start
You need a GitHub account and admin or push permission on at least one repository you want Infiniview to review. Public and private repositories both work. Draft pull requests are skipped automatically until they’re marked ready for review.
Comment commands (@infiniview review, @infiniview ignore, @infiniview help) require owner, member, or collaborator status on the repository, or write, maintain, or admin permission. Comments from other roles are ignored.
1. Sign in to the dashboard
Open app.infiniview.dev and sign in. The dashboard lands on Reviews, which is empty until your first review exists.
2. Connect GitHub
Connecting GitHub lets Infiniview list the repositories available for manual scans and lets the GitHub App attribute installations to your account. The handshake is read-only at this stage.
GET    /api/github/connect     # start OAuth
GET    /api/github/callback    # OAuth callback (handled by Infiniview)
DELETE /api/github/disconnect  # remove the connection
3. Install the Infiniview GitHub App
Install the app on the repositories you want auto-reviewed. Auto-review can be scoped to specific repos in Configuration; leaving the repo list empty lets the installation run with default settings against any installed repository.
4. Create your first review
You have three ways to create a review or start a new scan run:
- Dashboard: from Reviews, choose a repo and branch. Infiniview creates the review and starts its first scan run.
- Pull request: open a PR (or move it from draft to ready). The auto-review rules in Configuration decide whether Infiniview runs.
- Comment: post @infiniview review on a PR you’re trusted on to create or rerun the PR review.
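The trust rule from "Before you start", applied to a GitHub issue_comment webhook payload. This is an added example, not Infiniview's own code. It assumes the caller has already looked up the commenter's repository permission through GitHub's API, and that a command must sit alone on its own line; the function names are hypothetical.

```python
import re

# Values taken from this page: the three commands and the trusted roles/permissions.
COMMANDS = {"review", "ignore", "help"}
TRUSTED_ASSOCIATIONS = {"OWNER", "MEMBER", "COLLABORATOR"}  # GitHub author_association
TRUSTED_PERMISSIONS = {"write", "maintain", "admin"}
# Assumption: the mention must start a line, so a quoted "> @infiniview review" is inert.
MENTION = re.compile(r"^@infiniview[ \t]+([a-z]+)[ \t]*\r?$", re.IGNORECASE | re.MULTILINE)


def parse_command(body):
    """Return the first recognised command in a comment body, or None."""
    for match in MENTION.finditer(body or ""):
        if match.group(1).lower() in COMMANDS:
            return match.group(1).lower()
    return None


def is_trusted(author_association, permission=None):
    """Trusted role on the repository, OR write/maintain/admin permission."""
    if (author_association or "").upper() in TRUSTED_ASSOCIATIONS:
        return True
    return (permission or "").lower() in TRUSTED_PERMISSIONS


def decide(event, permission=None):
    """Return (action, reason) for one issue_comment payload."""
    if "pull_request" not in event.get("issue", {}):
        return ("ignore", "comment is not on a pull request")
    comment = event.get("comment", {})
    command = parse_command(comment.get("body"))
    if command is None:
        return ("ignore", "no command")
    if not is_trusted(comment.get("author_association"), permission):
        return ("ignore", "untrusted author")
    return (command, "trusted author")


# Constructed sample payloads, reduced to the fields read above.
SAMPLES = [
    {"issue": {"pull_request": {}}, "comment": {"body": "@infiniview review", "author_association": "MEMBER"}},
    {"issue": {"pull_request": {}}, "comment": {"body": "@infiniview review", "author_association": "NONE"}},
    {"issue": {}, "comment": {"body": "@infiniview help", "author_association": "OWNER"}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decide(sample))
```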
5. Decide from findings
When the scan run completes, the run detail view shows the timeline, scanner coverage, story insights, and rerun availability. Use these views together:
- Findings — backlog of issues with severity, source, exploitability, delta, and suppression filters.
- Compare — answers what changed against the prior scan: new, regressed, fixed, recurring, suppressed.
- Trust — explains run quality: verification mix, skipped scanners, replay readiness, coverage gaps.
- Readiness — flags rerun blockers: GitHub access, missing env-var signals, replay prerequisites.
Where to go next
- Configuration — tune scanners, severity threshold, exclusions, and runtime agents.
- GitHub automation — limit auto-review scope, debounce pushes, control who can trigger.
- Findings & evidence — what each finding carries and how suppressions work.