Implementation guides

Set up Shomar without slowing your team down

Use these starter guides to connect repositories, run scans, add security gates, and turn compliance evidence into an operating workflow.

Connect your first repository

10 min
  1. Create an integration token
  2. Authorize GitHub or GitLab
  3. Select repositories
  4. Confirm default branch access

Run a baseline SAST scan

15 min
  1. Choose scan type
  2. Set severity thresholds
  3. Start analysis
  4. Review findings and suggested fixes

Add Shomar to CI/CD

20 min
  1. Create an API key
  2. Add pipeline secret
  3. Call the scan endpoint
  4. Fail builds on critical findings

Configure compliance evidence

25 min
  1. Select framework bundle
  2. Upload supporting evidence
  3. Map gaps to owners
  4. Export assessment report

CI/CD example

Minimal pipeline command for a SAST scan gate.

shomar scan \
  --repo "$GITHUB_REPOSITORY" \
  --branch "$GITHUB_REF_NAME" \
  --fail-on critical \
  --frameworks owasp-top-10,popia,ndpr
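The four "Add Shomar to CI/CD" steps and the command above, put together as a GitHub Actions job; this is an added example, not Shomar's own documentation. It assumes the Shomar CLI is already installed on the runner and reads the API key from an environment variable named SHOMAR_API_KEY (name assumed); the key itself lives in a repository secret so it never appears in the workflow file or the job log.

```yaml
# Added example (not Shomar's own): a pull-request SAST gate.
# Assumption: the CLI reads its API key from SHOMAR_API_KEY (name assumed).
name: shomar-sast-gate

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read   # least privilege: the scan only needs to read the checkout

jobs:
  sast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Shomar SAST scan gate
        env:
          # Step 2 "Add pipeline secret": the key comes from a repository secret
          SHOMAR_API_KEY: ${{ secrets.SHOMAR_API_KEY }}
        run: |
          # Fail fast with a clear message if the secret was never configured
          if [ -z "$SHOMAR_API_KEY" ]; then
            echo "SHOMAR_API_KEY secret is not set" >&2
            exit 1
          fi
          # Step 4 "Fail builds on critical findings": a non-zero exit from
          # --fail-on critical fails this job and blocks the merge
          shomar scan \
            --repo "$GITHUB_REPOSITORY" \
            --branch "$GITHUB_REF_NAME" \
            --fail-on critical \
            --frameworks owasp-top-10,popia,ndpr
```

On pull_request events GITHUB_REF_NAME is the merge ref (for example 42/merge), so pass ${{ github.head_ref }} instead if the scan should be recorded against the source branch name.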