> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pipefort.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Run your first scan from the CLI, then connect a GitHub account to the web dashboard.

## Scan from the CLI

<Steps>
  <Step title="Install the CLI">
    Grab the latest archive for your platform from [github.com/raphabot/pipefort/releases](https://github.com/raphabot/pipefort/releases), extract it, and put `pipefort` on your `PATH`:

    ```bash theme={null}
    tar -xzf pipefort_*.tar.gz
    sudo mv pipefort /usr/local/bin/
    ```

    See [Installation](/cli/installation) for the per-platform archive names.
  </Step>

  <Step title="Scan a local repo">
    ```bash theme={null}
    pipefort -p /path/to/your/repo
    ```

    The default `-p` flag scans `.github/workflows/*.yml` in the given directory.
  </Step>

  <Step title="Scan a remote GitHub repo">
    ```bash theme={null}
    pipefort -g owner/repo -o json
    ```

    The CLI shallow-clones the repo to a temp directory, scans it, and cleans up.
  </Step>

  <Step title="Apply automatic fixes">
    ```bash theme={null}
    pipefort -p . --fix
    ```

    Rewrites workflow YAML in place for the categories with a known safe fix (missing permissions, missing timeouts, dangerous `pull_request_target` triggers, and untrusted-input shell injection). See [Auto-fix](/cli/auto-fix).
  </Step>
</Steps>

## Use the web dashboard

<Steps>
  <Step title="Sign in">
    Open your Pipefort dashboard and click **Sign in with GitHub**. Identity comes from GitHub via OAuth.
  </Step>

  <Step title="Connect a GitHub account or org">
    Click **Connect** to install the Pipefort GitHub App on an account or organization. The app needs only read-only access to repo contents and metadata. See [GitHub setup](/webapp/github-setup) for the exact permissions.
  </Step>

  <Step title="Scan all repos">
    On the dashboard, click **Scan all**. Pipefort fetches each repo's workflow YAML through the GitHub API, scans it, and updates the posture donut + trend line live.
  </Step>

  <Step title="Drill into a finding">
    Click a repo to see its per-finding list. Each finding links directly to the offending `file:line` on GitHub.
  </Step>
</Steps>

## Next steps

<CardGroup cols={2}>
  <Card title="CLI reference" icon="terminal" href="/cli/flags">
    Every flag, output format, and exit-code behavior.
  </Card>

  <Card title="Rules reference" icon="shield-check" href="/rules/overview">
    The eight checks the scanner runs — what they catch and how to fix them.
  </Card>
</CardGroup>
