Quick Start

Get Odin Scan running on your repository in five minutes.

Step 1: Sign Up

Create an account at odinscan.ai. You can sign up with GitHub to automatically link your repositories.

Step 2: Create an API Key

  1. Go to Settings > API Keys in the Odin Scan dashboard
  2. Click Create API Key
  3. Copy the generated key (format: odin_sk_*)
  4. Add it as a repository secret in GitHub:
    • Navigate to your repository on GitHub
    • Go to Settings > Secrets and variables > Actions
    • Click New repository secret
    • Name: ODIN_SCAN_API_KEY
    • Value: paste your API key

Step 3: Add the GitHub Action

Create a workflow file at .github/workflows/security-scan.yml:

name: Security Scan
on:
  pull_request:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: odin-scan/odin-scan-action@v1
        with:
          api-key: ${{ secrets.ODIN_SCAN_API_KEY }}

This minimal configuration will:

  • Automatically detect your project’s platform (CosmWasm, EVM, or Solana)
  • Run the full analysis pipeline
  • Post a summary comment on the pull request
  • Upload SARIF results to GitHub Code Scanning
  • Fail the workflow if critical or high severity findings are detected
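The one mistake this step invites is pasting the key from Step 2 straight into the workflow file instead of referencing the repository secret, which would commit the key to version control. The following script is an added example, not part of the Odin Scan quick start or the odin-scan-action project: it scans a workflow file for literal keys using the documented odin_sk_ prefix, confirms the api-key input is wired to ${{ secrets.ODIN_SCAN_API_KEY }}, and checks that a checkout step is present. It uses regular expressions rather than a YAML parser so it runs with the standard library only; the sample workflows and the placeholder key value are constructed for the demonstration.

```python
import re

# Constructed sample: the workflow from the quick start, as it should look.
GOOD_WORKFLOW = """\
name: Security Scan
on:
  pull_request:
    branches: [main]

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: odin-scan/odin-scan-action@v1
        with:
          api-key: ${{ secrets.ODIN_SCAN_API_KEY }}
"""

# Constructed sample of the mistake this check catches: the key pasted into the
# workflow instead of referenced through a repository secret. The value is a
# placeholder, not a real key.
BAD_WORKFLOW = GOOD_WORKFLOW.replace(
    "${{ secrets.ODIN_SCAN_API_KEY }}", "odin_sk_PLACEHOLDER_DO_NOT_COMMIT"
)

# Keys are documented as starting with odin_sk_; match the prefix plus the token.
KEY_PATTERN = re.compile(r"\bodin_sk_[A-Za-z0-9_\-]+")
# The reference the action step must use (assumed name from the quick start).
SECRET_REF = "${{ secrets.ODIN_SCAN_API_KEY }}"


def find_hardcoded_keys(text):
    """Return (line_number, token) for every literal key found in the workflow text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_PATTERN.finditer(line):
            hits.append((lineno, m.group(0)))
    return hits


def api_key_uses_secret(text):
    """True when the api-key input is taken from the repository secret, not a literal."""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("api-key:"):
            return stripped.split(":", 1)[1].strip() == SECRET_REF
    return False


def check_workflow(text):
    """Collect human-readable problems; an empty list means the workflow is clean."""
    problems = []
    for lineno, token in find_hardcoded_keys(text):
        # Only the prefix is echoed so the report itself never reproduces a key.
        problems.append(
            f"line {lineno}: literal API key {token[:8]}... must be a repository secret"
        )
    if not api_key_uses_secret(text):
        problems.append(f"api-key input is not set to {SECRET_REF}")
    if "actions/checkout@" not in text:
        problems.append("no actions/checkout step; the scanner needs the repository contents")
    return problems


if __name__ == "__main__":
    for name, wf in (("good", GOOD_WORKFLOW), ("bad", BAD_WORKFLOW)):
        issues = check_workflow(wf)
        print(f"{name}: {'OK' if not issues else issues}")
```

Run it as a pre-commit hook over .github/workflows/security-scan.yml (read the file and pass its contents to check_workflow) so a pasted key is caught before it reaches the remote; if a key has already been committed, rotate it in Settings > API Keys rather than relying on a history rewrite.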

Step 4: Push a PR

Open a pull request against your main branch. The Odin Scan action will run automatically. Once the analysis completes, you will see:

  • A PR comment summarizing findings by severity
  • Inline annotations on the diff highlighting specific vulnerabilities
  • Security alerts in the repository’s Security tab (via SARIF)

Step 5: View the Full Report

Click the report link in the PR comment or navigate to odinscan.ai to view the full analysis report. The dashboard provides:

  • Detailed vulnerability descriptions with affected code locations
  • Remediation guidance for each finding
  • Proof-of-concept code (when available)
  • Historical scan comparisons across PRs

Next Steps