Quick Start

Get Odin Scan running on your repository in five minutes.

Step 1: Sign Up

Create an account at odinscan.ai. You can sign up with GitHub to automatically link your repositories.

Step 2: Install the GitHub App

  1. Visit the Odin Scan GitHub App page and click Install
  2. Select the repositories you want to enable
  3. Confirm the installation

You can also find it from your repository: Settings > Integrations > GitHub Apps.

Step 3: Create an API Key

  1. Go to Settings > API Keys in the Odin Scan dashboard
  2. Click Create API Key
  3. Copy the generated key (format: odin_sk_*)
  4. Add it as a repository secret in GitHub:
    • Navigate to your repository on GitHub
    • Go to Settings > Secrets and variables > Actions
    • Click New repository secret
    • Name: ODIN_SCAN_API_KEY
    • Value: paste your API key

Step 4: Add the GitHub Action

Create a workflow file at .github/workflows/security-scan.yml:

name: Security Scan
on:
  pull_request:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: odin-scan/odin-scan-action@v1
        with:
          api-key: ${{ secrets.ODIN_SCAN_API_KEY }}

This minimal configuration will:

  • Automatically detect your project’s platform (CosmWasm, EVM, or Solana)
  • Run the full analysis pipeline
  • Post a summary comment on the pull request
  • Upload SARIF results to GitHub Code Scanning
  • Fail the workflow if critical or high severity findings are detected
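The two security-relevant properties of this workflow are that the API key reaches the action only through the ODIN_SCAN_API_KEY repository secret and that the job runs with an explicit, reduced token scope. The following script is an added example, not part of Odin Scan or its GitHub Action, that lints a workflow file for those properties before it is committed. It uses only the standard library (no PyYAML), takes the Quick Start workflow above as its known-good input, and checks a constructed variant containing the mistakes the checks are meant to catch: a pull_request_target trigger (which makes repository secrets available to code from a fork pull request), a missing permissions block, an unpinned action, and a hard-coded odin_sk_ key (the key value in it is a placeholder, not a real key).

```python
"""Lint a GitHub Actions workflow for the secret-handling and permission
properties the Quick Start workflow relies on.

Added example for this page; not part of Odin Scan or its GitHub Action.
It reads the workflow line by line with the standard library, so it does
not depend on PyYAML (which would also parse the top-level `on:` key as a
boolean)."""
import re
from typing import List

# Copy of the Quick Start workflow, used as the known-good input.
GOOD_WORKFLOW = """\
name: Security Scan
on:
  pull_request:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: odin-scan/odin-scan-action@v1
        with:
          api-key: ${{ secrets.ODIN_SCAN_API_KEY }}
"""

# Constructed variant with the mistakes the checks are meant to catch.
# The api-key value is a placeholder, not a real key.
BAD_WORKFLOW = """\
name: Security Scan
on:
  pull_request_target:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout
      - uses: odin-scan/odin-scan-action@v1
        with:
          api-key: odin_sk_PLACEHOLDER_NOT_A_REAL_KEY
"""

# ${{ secrets.NAME }} with optional inner whitespace
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}")
# The key format documented in Step 3 is odin_sk_*
LITERAL_KEY = re.compile(r"odin_sk_[A-Za-z0-9_]+")


def lint_workflow(text: str) -> List[str]:
    """Return a list of findings; an empty list means the workflow passes."""
    findings: List[str] = []
    lines = text.splitlines()

    # 1. Trigger: pull_request_target exposes repository secrets to code
    #    taken from a fork pull request, so the API key could be read there.
    if any(re.match(r"\s*pull_request_target\s*:", ln) for ln in lines):
        findings.append("uses pull_request_target; use pull_request so secrets "
                        "are not available to code from fork PRs")

    # 2. Token scope: without a permissions block the job keeps the
    #    repository's default GITHUB_TOKEN scope instead of the reduced one.
    if not any(re.match(r"\s*permissions\s*:", ln) for ln in lines):
        findings.append("no permissions block; GITHUB_TOKEN keeps its default scope")

    for ln in lines:
        # 3. The API key must come from a repository secret, never a literal.
        m = re.match(r"\s*api-key\s*:\s*(.*)$", ln)
        if m:
            value = m.group(1).strip()
            if LITERAL_KEY.search(value):
                findings.append("api-key is a hard-coded odin_sk_ key; move it "
                                "to the ODIN_SCAN_API_KEY repository secret")
            elif not SECRET_REF.fullmatch(value):
                findings.append(f"api-key does not reference a secret: {value!r}")
        # 4. Every action reference should carry a tag or commit ref.
        m = re.match(r"\s*-\s*uses\s*:\s*(\S+)", ln)
        if m and "@" not in m.group(1):
            findings.append(f"action {m.group(1)} has no @ref; pin it to a tag or commit")
    return findings


if __name__ == "__main__":
    for label, wf in (("good", GOOD_WORKFLOW), ("bad", BAD_WORKFLOW)):
        print(f"{label}: {lint_workflow(wf) or 'OK'}")
```

Run it against .github/workflows/security-scan.yml before opening the pull request; the Quick Start workflow produces no findings, while the constructed variant produces one finding per mistake.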

Step 5: Push a PR

Open a pull request against your main branch. The Odin Scan action will run automatically. Once the analysis completes, you will see:

  • A PR comment summarizing findings by severity
  • Inline annotations on the diff highlighting specific vulnerabilities
  • Security alerts in the repository’s Security tab (via SARIF)

Step 6: View the Full Report

Click the report link in the PR comment or navigate to odinscan.ai to view the full analysis report. The dashboard provides:

  • Detailed vulnerability descriptions with affected code locations
  • Remediation guidance for each finding
  • Proof-of-concept code (when available)
  • Historical scan comparisons across PRs

Next Steps